Top 10 Reasons to Attend SecureWorld
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Thursday, September 23, 2021
    8:00 am
    Exhibitor Hall open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resources downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable
    • session level icon
    Topic: Stepping into the Breach
    speaker photo
    AVP, Information Security, Amerisure Insurance
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 8:50 am

    This session is for SecureWorld Advisory Council members by invite only. The discussion, moderated by Bob Bacigal, will cover Cyber Incident Response:

    • Cyber Incident Response Plans
    • Response Teams
    • Cyber Insurance
    • Playbooks
    • Tabletop Exercises
    • After Action Reviews
    8:15 am
    InfraGard Michigan Chapter Meeting
    • session level icon
    speaker photo
    Sr. Business Consultant, Cybersecurity, Honeywell Building Solutions
    speaker photo
    Technical Leader, Cyber Threat Intelligence, Ford Motor Company; President, Michigan InfraGard Members Alliance
    speaker photo
    Special Agent and Private Sector Coordinator, FBI
    speaker photo
    VP & CISO, Lear Corporation; Board Member, Michigan InfraGard Members Alliance
    speaker photo
    Manager, Cyber Security Nuclear Fleet, Exelon Generation
    Registration Level:
    • session level iconOpen Sessions
    8:15 am - 9:00 am

    This session is open to all attendees. We welcome members and prospective members interested in the InfraGard Michigan Members Alliance. This meeting will consist of a “Fireside Chat” with Board Members, Infrastructure Section Chiefs, and our partners at the FBI.

    AGENDA:

    8:15-8:30 a.m.
    Chris Christensen our VP will Open our session with a short slide presentation from the national office.

    8:30-8:55 a.m.
    Stephanie Scheuermann our President, Earl Duby, Nathan Faith, and Michael Glennon will have a roundtable discussion about what InfraGard the information sharing association is all about.

    8:55 a.m.
    Chris Christensen will close the meeting.

    9:00 am
    [Keynote] Ransomware as an Evolution of Cybercrime
    • session level icon
    speaker photo
    Assistant Director, Office of Investigations, United States Secret Service
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 9:45 am

    The U.S. Secret Service has observed a marked uptick in the frequency, sophistication, and destructiveness of ransomware attacks against U.S. organizations. While this surge is due to a number of complex and interrelated factors, there are some key drivers of this cyberthreat that should be understood. Join this fireside chat with one of the leaders of the U.S. Secret Service to explore the origins of ransomware, how it continues to evolve, and steps that both the private and public sector can take right now to mitigate this risk.

    9:45 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    Modern Cyber Resilience
    • session level icon
    speaker photo
    CISO, The Kraft Heinz Company
    speaker photo
    Americas CISO, JLL
    speaker photo
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am
    10:00 am
    Manual Processes, Be Gone: The Future of Third-Party Risk Management
    • session level icon
    speaker photo
    CISO, Reciprocity, Inc
    speaker photo
    Vice President, Reciprocity, Inc
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Whether a start-up or an enterprise, you are probably working with multiple vendors, using their software and reliant on their systems. Yet while these external vendors provide invaluable services, they also introduce significant risk to your company’s information security.

    How do you know if your vendors are meeting required contractual, security, and privacy obligations?

    If you don’t have processes in place to assess the risks these third parties pose, then your answer is most likely you don’t. And this is critical: You need to know the risks of working with third parties and that you can trust them—because if they go down, your business may, too.

    Assessing risk, however, can be incredibly complex. Traditional risk management approaches that rely on manual processes, spreadsheets and even survey methods don’t scale well and are not automated enough. And they certainly can’t support a third-party vendor network once it reaches a certain size: spreadsheets and email folders become overwhelming, ad hoc processes and reporting cycles create confusion, and manual reviews lead to missed issues and trends. In fact, the more successful an organization is—and the more third-party vendors they work with—the more automation and continuous monitoring are required.

    Reciprocity works with companies of all sizes to help streamline and improve third-party risk management. Join Reciprocity CISO Scott McCormick and VP Rob Ellis as they walk you through:

    • Examples of vulnerabilities and common attack techniques
    • Steps to mature your third-party risk management program
    • How to implement automation and make your program more proactive (or continuous)
    • A case study detailing how ZenGRC helped Conversica drastically improve its compliance and risk posture, resulting in 60 saved days and $80k in hard savings
    10:00 am
    How IoT Devices Are Driving Cyber Risk
    • session level icon
    speaker photo
    Vice President, Strategy & Risk, RiskRecon, a Mastercard company
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    In the new digital transformation age, companies are more susceptible to exposing their data to the internet. A recent research study conducted by RiskRecon and the Cyentia Institute found that firms with IoT devices exposed to the internet have a 62% higher prevalence of cyber risk issues and 86% of security findings related to IoT devices are rated as critical.

    Learn how you can protect your organization from these IoT threats, and how to utilize continuous monitoring data to ensure that your vendors are not exposing their IoT devices to the internet, leaving you just as vulnerable.

    10:00 am
    Information Protection and Cloud Security Overview
    • session level icon
    speaker photo
    Global Director, Cloud and Information Protection, Proofpoint
    Registration Level:
    • session level iconOpen Sessions
    10:00 am - 10:30 am

    Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

    10:30 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Policies, Standards, Processes: Using a Free CSF to Create IS Policy Documents
    • session level icon
    speaker photo
    Information Security Manager of GRC, Emergent Holdings
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Running an information security organization is often very reactive. As you fight your way through the jungle of chaos, you realize that you need rules, regulations, and controls to build a fortress to shelter your valuables against risks and threats. But how do you begin to get and keep everything under control? With your information security policy documents, of course. Creating usable policy documents is very tricky if you don’t know where to start or how to make them meaningful and enforceable. In this session:

    • We will discuss the differences between a policy, standard, process, and guideline.
    • You will receive an overview of how to use the free version of the HITRUST CSF to create Information Security policy documents.
    • We will view a sample of a policy and standard created from the free version of the HITRUST CSF.
    10:45 am
    Reducing Complexity While Increasing Data Protection in Financial Services
    • session level icon
    speaker photo
    VP, Security and Privacy, PKWARE
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    Financial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.

    Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.

    There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:

    • How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
    • The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
    • How to scale data protection and compliance as data volumes increase
    10:45 am
    Application Security: A Multi-Pronged Approach
    • session level icon
    speaker photo
    Security Solutions Architect, Radware
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    If you’re reading this, it’s probably because you’ve been responsible at some level, or at some point in time, for protecting your enterprise applications. We are all aware that applications are subject to attackers’ attempts to either take an application offline or exfiltrate data from the application for sale on the Dark Web. So, how can you prevent application downtime or data exfiltration? Join us to look at the state of the art technologies used to prevent the most advanced attacks.

    10:45 am
    The Value of Continuous Security Validation
    • session level icon
    speaker photo
    Technical Director, AttackIQ
    Registration Level:
    • session level iconOpen Sessions
    10:45 am - 11:15 am

    With cyber threats on the rise and the abundance of security controls and capabilities out there, how do you gain confidence in your ability to protect critical assets? Testing. Continuous validation of your controls and their capabilities. Let’s talk about how that looks and why it works.

    11:15 am
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    Show Off the Skeletons in Your Closet
    • session level icon
    speaker photo
    Regional Cybersecurity Manager, Faurecia
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Blue Teams and cyber defenders do a great job at securing 95% of their assets, but everyone has skeletons in their closet—the legacy machines, unpatched software, and other security risks. Instead of pretending they don’t exist, let’s discuss how we can lead with this information to best secure the environment. Everyone has weaknesses; it’s time to highlight them and plan accordingly. We can all help each other in this process.

    This is an action-oriented presentation that will help any defender identify, discover, and document their worst security issues and how to communicate the issues effectively to all levels of management. Once identified, now let’s address how to secure them as best as possible, especially when killing them is not an option.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    Getting Ahead of the Ransomware Operations Life Cycle
    • session level icon
    speaker photo
    Director, Strategic Threat Advisory Group, CrowdStrike
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Join this session to learn about CrowdStrike’s most current understanding regarding the ever-prevalent ransomware threat and our observations around how the ransomware ecosystem has evolved over the last couple of years. Attendees of this session will benefit from the unique insights into the associated enablers of ransomware, including associated initial access techniques, ransomware-related business models, and our newest data around monetization schemes being leveraged by the eCrime extortion community. Lastly, CrowdStrike will close by proposing actionable recommendations that organizations can undertake in order to harden their cybersecurity environment against the ransomware threat.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:30 am
    A Critical Look at the Security Posture of the Fortune 500
    • session level icon
    speaker photo
    Sr. Director, Chief Security Data Scientist, Rapid7
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

    11:30 am
    The Implementation Journey of Zero Trust and SASE: Realizing the Benefits
    • session level icon
    speaker photo
    CSO & VP, Cloud Security Transformation, Netskope
    Registration Level:
    • session level iconOpen Sessions
    11:30 am - 12:00 pm

    Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

    In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

    In this session, James Christianson will discuss:
    ·  How to migrate your security controls to take advantage of SASE
    ·  Reducing cost while increasing your security posture
    ·  Implementing a road map for SASE / Zero Trust

    12:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    Strategies for Client Cybersecurity Assurance
    • session level icon
    speaker photo
    Sr. Director, Client Security, Equifax Canada
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    12:15 pm
    [Panel] Cloud: Power and Peril
    • session level icon
    speaker photo
    Global Director, Cloud and Information Protection, Proofpoint
    speaker photo
    CISO of North America, Checkmarx
    speaker photo
    Principal Cloud Architect, Sales Engineering, Gigamon
    speaker photo
    Director of Information Security and Research, Automox
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    We are making history now, in the cloud. Organizations are utilizing cloud at record levels, revealing its power like never before. However, much of this shift was forced, and fast, which increased risk. And attackers are shifting, too. Join this panel as we unpack the power of the cloud and also its peril: current challenges, threats, and pitfalls.

    12:15 pm
    [Panel] It's a Zero Trust World
    • session level icon
    speaker photo
    Vice President of Security, Code42
    speaker photo
    Global Principal Engineer, Corelight
    speaker photo
    VP, Product Marketing, Encryption, Thales Group
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm

    We used to go by the “trust but verify” philosophy, but that didn’t exactly secure the enterprise. It’s time to take a more proactive approach. The Zero Trust concept isn’t new, but it seems to address many of the current security and privacy needs of companies. This panel will highlight the pitfalls, wins, and what you need to know to live and work in a Zero Trust world.

    12:15 pm
    Executive Roundtable
    • session level icon
    Topic: Security Breach Insurance
    speaker photo
    Chief Information Security & Privacy Officer, WorkForce Software
    Registration Level:
    • session level iconVIP / Exclusive
    12:15 pm - 1:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by Michael Muha.

    Cyberattacks are now the norm, and companies have become more vulnerable to them. There are more attacks, and attacks are more severe. Cyber insurance is one of the tools that some of us are using to respond and recover from cyberattacks. This roundtable asks participants to discuss their experiences:

    • Who owns cyber insurance in your organization?
    • Has security been involved in the process?
    • Has it been hard to renew your cyber insurance this year?
    • Have you taken advantage of the cyber insurance vendor’s “preferred vendor list”?
    • Have you put a breach coach and incident response team on retainer?
    • Have you reviewed your Incident Response plan with the breach coach? Did they help you create a better plan?
    • What was your experience doing tabletop with your cyber insurance contacts?
    • If you had an incident, how easy was it to communicate with your cyber insurance carrier and/or broker, breach coach, IT team? Did they hinder or enhance your response?

    1:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Demystifying Data Science for Modern Cyber Operations
    • session level icon
    speaker photo
    Principal Cybersecurity Researcher, General Electric Gas Power
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    With the explosion of connected devices, manual review of security events isn’t keeping pace (and hasn’t for a while). Data analytics is not a new concept to cybersecurity, and nearly all vendors proclaim its virtues. Then why do cyber professionals avoid unlocking the potential of data science techniques in daily operations?

    This presentation tackles the fundamentals of data acquisition, graph analytics, artificial intelligence, and machine learning. Sound complicated? Don’t worry! This presentation isn’t for PhDs, it’s for real-world cyber operators. Practical examples in threat hunting, attack modeling, intelligence mapping, and event detection with open source tools included! Key takeaways will include:

    • How data science skills and techniques will further your career as a cyber operations professional
    • An introduction to the fundamentals of data science, including data acquisition, graph analytics, artificial intelligence, and machine learning
    • How to apply data science techniques to real-world cyber operations
    • An introduction to open source tools for network graphing and AI-enabled threat modeling

    Presentation level: TECHNICAL (deeper dive including TTPs)

    1:15 pm
    Build vs. Buy: Advantages of a Pre-Built Solution
    • session level icon
    speaker photo
    Sr. Product Marketing Manager, Okta
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    In this session, John Wilke will guide you through the advantages of a pre-built identity solution. He will review how identity used to be a cost center but now is viewed as a business enabler and strategic initiative. He will also help you compare the options when looking to build out a modern identity solution.

    1:15 pm
    A Proven Approach to Embed Security into DevOps
    • session level icon
    speaker photo
    Security Evangelist & Sr. Solution Specialist, Checkmarx Inc.
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    The shift towards DevOps makes it clear that organizations are adopting this model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, organizations find that their conventional approaches to application security are having a difficult time adapting to DevOps, since security if often viewed as an inhibitor to this new approach.

    Join Stephen Gates, Checkmarx SME, where you’ll:

    • Discover the six proven steps of embedding software security into DevOps.
    • Learn how to ensure vulnerabilities and run-time risks are identified and remediated early in development.
    • Explore the benefits of AppSec integration and automation into the tooling your developers use.
    • Hear about new AppSec awareness and training approaches to improve developer secure coding skills.
    1:15 pm
    [Panel] Ransomware: Myths, Pitfalls, and New Insights
    • session level icon
    speaker photo
    Chief Product and Security Officer, Cybereason
    speaker photo
    Principal Security Strategist, Synopsys
    speaker photo
    Information Security Manager, Cobalt.io
    speaker photo
    Director, Threat Hunting Operations, ReversingLabs
    speaker photo
    SVP, Intelligence, CrowdStrike
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:00 pm

    One thing we have learned over the past 18 months is that ransomware is very lucrative. Backups and cyber insurance have you covered, right? Not so fast. Misinformation abounds around digital extortion. Join our panel of experts as they unpack some of the myths and pitfalls around ransomware and offer valuable insight on how to keep your company out of the headlines!

    2:00 pm
    Networking Break
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    [Closing Keynote] 2022 and Beyond Cyber Priorities
    • session level icon
    speaker photo
    CSO, State of Michigan - Department of Technology, Management and Budget
    speaker photo
    CISO, Illinois Department of Innovation & Technology (DoIT)
    speaker photo
    CISO, Meritor
    speaker photo
    CSO, Security Mentor; Former CISO, State of Michigan
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
Exhibitors
  • AttackIQ
    Booth:

    AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.

  • Automox
    Booth:

    Automox tackles one of today’s biggest cybersecurity challenges: misconfigured and out-of-date systems that can easily be exploited. Legacy tools simply cannot remediate known vulnerabilities as efficiently as modern IT demands. Automox is rewriting those rules with a cloud-native endpoint hardening platform that delivers unprecedented speed, simplicity, and automation—whether it is on-prem, in the cloud, or on the move.

  • Checkmarx Inc.
    Booth:

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Cobalt.io
    Booth:

    Cobalt’s Pentest as a Service (PtaaS) Platform transforms traditional pentesting into a data-driven vulnerability management engine. Fueled by a global talent pool of certified freelancers, our modern pentest platform delivers actionable results that empowers agile teams to pinpoint, track, and remediate vulnerabilities.

  • Code42
    Booth:

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Corelight
    Booth:

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • CrowdStrike
    Booth:

    CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service—all delivered via a single lightweight agent.

  • Cybercrime Support Network
    Booth:

    Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.

  • Cybereason
    Booth:

    Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.

  • Domino’s
    Booth:

    Domino’s Pizza, which began in 1960 as a single store location in Ypsilanti, MI, has had a lot to celebrate lately. We’re a reshaped, reenergized brand of honesty, transparency, and accountability—not to mention, great food! In the rise to becoming a true technology leader, the brand is now consistently one of the top five companies in online transactions, and 65% of our sales in the U.S. are taken through digital channels. The brand continues to “deliver the dream” to local business owners, 90% of which started as delivery drivers and pizza makers in our stores. That’s just the tip of the iceberg… or as we might say, one slice of the pie! If this sounds like a brand you’d like to be a part of, consider joining our team!

  • Gigamon
    Booth:

    Gigamon is the first company to deliver unified network visibility and analytics on all information-in-transit, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyze network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation. Gigamon has been awarded over 75 technology patents and enjoys industry-leading customer satisfaction with more than 3,000 organizations, including over 80 percent of the Fortune 100. Headquartered in Silicon Valley, Gigamon operates globally. For the full story on how Gigamon can help you to run fast, stay secure and innovate, please visit www.gigamon.com.

  • InfraGard Michigan
    Booth:

    InfraGard is a partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration with government that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. With thousands of vetted members nationally, InfraGard’s membership includes business executives, entrepreneurs, military and government officials, computer professionals, academia and state and local law enforcement; each dedicated to contributing industry specific insight and advancing national security.

  • ISACA Chicago Chapter
    Booth:

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the metro Chicago area.

    Chapter meetings are generally held the third Thursday of each month at The Conference Center at One North Wacker (1 N. Wacker Drive, 2nd Floor, Chicago, Illinois 60606)

    Please check our web site from time to time for the most up-to-date listing of chapter related events and training opportunities.

  • (ISC)2
    Booth:

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA Motor City
    Booth:

    The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals. The Motor City chapter is located in the automotive capital of the United States, Detroit, MI. Our chapter is committed to educating, consulting, advising, and overall improving information security for our technology infrastructures.

  • ISSA Chicago Chapter
    Booth:

    The Chicago Chapter of the Information Systems Security Association (ISSA) has a mission to offer a stimulating combination of discussion forums, hands-on learning, CISSP certification training, conferences, and other events which are designed to enhance understanding and awareness of information security issues for information security professionals.

    Whether you are exploring a career in cybersecurity, honing your technical expertise or an established security executive, the ISSA offers you a network of 10,000 colleagues worldwide to support you in managing technology risk and protecting critical information and infrastructure. Enhance your professional stature, expand your peer network and achieve your personal career goals. Your local chapter and ISSA International will provide you with a wealth of resources to keep you current with industry trends and developments in our ever-evolving field.

  • Netskope
    Booth:

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • PKWARE
    Booth:

    PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.

    PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.

  • Proofpoint
    Booth:

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Radware
    Booth:

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth:

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Reciprocity
    Booth:

    ZenGRC enables companies to track, manage, and assess information security compliance and remediate risk from one consolidated, easy-to-use, lightweight platform. We are making an inefficient system more efficient, delivering amazing value at a reasonable price, and are helping businesses adapt to a changing world.

    Our platform streamlines evidence collection, simplifies audits, manages vendor risk, and is a single source of truth that allows control consolidation across multiple compliance standards.

    As regulations become more complicated, ZenGRC is becoming a crucial tool for any information security department to have.

  • ReversingLabs
    Booth:

    ReversingLabs automatically detects and analyzes sophisticated file-based threats built to evade security controls from development to the SOC. Our hybrid-cloud Titanium Platform verifies binaries at the speed, accuracy, and scale required for software development, third-party software acceptance, and security operations teams to take confident action. Learn more at www.reversinglabs.com.

  • RiskRecon
    Booth:

    RiskRecon, a Mastercard company, provides cybersecurity ratings and insights that make it
    easy for enterprises to understand and act on their risks. RiskRecon is the only security rating
    solution that delivers risk-prioritized action plans custom-tuned to match customer risk priorities,
    enabling organizations to efficiently operate scalable, third-party risk management programs for
    dramatically better risk outcomes. Request a demo to learn more about our solution.

  • SailPoint
    Booth:

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Synopsys
    Booth:

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Thales
    Booth:

    As the global leader in cloud and data protection, we help the most trusted brands and largest organizations in the world protect their most sensitive data and software, secure the cloud and achieve compliance through our industry-leading data encryption, access management, and software licensing solutions.

  • Women in CyberSecurity (WiCyS)
    Booth:

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Bob Bacigal
    AVP, Information Security, Amerisure Insurance

    Bob Bacigal is the Assistant Vice President of Information Security at Amerisure Insurance. He has over 30 years of experience in information security management, risk management, incident response, disaster recovery, and business continuity planning. Prior to joining Amerisure, he held security management positions with Great Lakes BanCorp, the Federal Reserve Bank of Chicago, and Delphi Corporation. Bob is an active member of the InfoSec community and has served as President and Chairman of the InfraGard Michigan Members Alliance (IMMA) and is currently serving on its Board of Directors. He is an active member of the State of Michigan CSO Kitchen Cabinet, Detroit CISO Executive Council Governing Body, and the SecureWorld Detroit Advisory Council. Bacigal earned his bachelor’s degree in Criminology form Eastern Michigan University and is both a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

  • speaker photo
    Chris Christensen
    Sr. Business Consultant, Cybersecurity, Honeywell Building Solutions

    Chris Christensen is the Cybersecurity Business Consultant for Honeywell Building Solutions (Americas) and specializes in securing Operational Technology (OT) and Industrial Control Systems (ICS) Chris passionately believes that cybersecurity is everyone's shared responsibility and through awareness, education, accountability and positive reinforcement, everyone in an organization can work together to create a safer workplace and more secure society at large. Prior to joining Honeywell Chris worked in several high profile functions managing special projects in the State of Michigan where he served on the Homeland Security Advisory Council and the Homeland Security Preparedness Committee. He was responsible for crafting the first Cyber Disruption Response Plan for the State of Michigan which is still in use today. Chris is on the board of the Michigan InfraGard, he has Bachelor’s Degree from the University of Utah and a Juris Doctorate from Thomas M. Cooley Law School.

  • speaker photo
    Stephanie Scheuermann
    Technical Leader, Cyber Threat Intelligence, Ford Motor Company; President, Michigan InfraGard Members Alliance
  • speaker photo
    Michael R. Glennon
    Special Agent and Private Sector Coordinator, FBI
  • speaker photo
    Earl Duby
    VP & CISO, Lear Corporation; Board Member, Michigan InfraGard Members Alliance
  • speaker photo
    Nathan Faith
    Manager, Cyber Security Nuclear Fleet, Exelon Generation
  • speaker photo
    Jeremy C. Sheridan
    Assistant Director, Office of Investigations, United States Secret Service

    Jeremy Sheridan is the Assistant Director of the Office of Investigations at the United States Secret Service. In this role, he leads more than 160 Secret Service field offices and directs the Secret Service's network of Cyber Fraud Task Forces (CFTFs) in their investigations of sophisticated computer and financial crimes. He also works to ensure the global network of field offices and task forces effectively detect and arrest those who are engaging in the criminal violations the Secret Service is authorized to investigate, while fully supporting diverse protective requirements across the world.

  • speaker photo
    Ricardo Lafosse
    CISO, The Kraft Heinz Company

    Ricardo Lafosse is responsible for IT risk governance, software and product security, incident management, technical disaster recovery, and determining enterprise-wide security policies and procedures. Lafosse regularly presents on security topics at global conferences, including Defcon, MirCon, and ISACA CACS. Lafosse has more than 15 years of experience in information security for the government, finance, legal, and healthcare. Lafosse holds a Master’s in Information Assurance from the Iowa State University. He also holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) designations.

  • speaker photo
    Michael Boucher
    Americas CISO, JLL
  • speaker photo
    Glenn Kapetansky
    Interim CISO, University of Chicago Medical Center; CSO, Trexin Group

    Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.

    Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).

  • speaker photo
    Scott McCormick
    CISO, Reciprocity, Inc
  • speaker photo
    Rob Ellis
    Vice President, Reciprocity, Inc
  • speaker photo
    Jonathan Ehret
    Vice President, Strategy & Risk, RiskRecon, a Mastercard company

    Jonathan has been a third-party risk practitioner since 2004. He is co-founder and former president of the Third-Party Risk Association. He has deep experience building and running third-party risk programs in finance and healthcare. He started with RiskRecon in April, 2020.

  • speaker photo
    Mike Stacy
    Global Director, Cloud and Information Protection, Proofpoint

    Mike Stacy is the Global Cloud and Information Protection Director at Proofpoint. Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.

  • speaker photo
    Marcia Mangold
    Information Security Manager of GRC, Emergent Holdings

    Marcia Mangold is the Manager of Information Security Governance, Risk and Compliance for Emergent Holdings, Inc. Marcia has spent the past 17+ years using her abilities to be a business enabler for IT and IS, and has worked for several organizations, including IBM, GE, and Blue Cross Blue Shield of Michigan. Marcia focuses on Information Security awareness training, risk, and policy lifecycle management. Marcia is a Certified Information Systems Security Professional (CISSP), a founding board meeting of the local (ISC)2 chapter, a proud member of the Michigan InfraGard chapter, and a board member of ISSA. In addition, Marcia was a contributing NIST Big Data Public Working Group member for the Special Publication (NIST SP) - 1500-4, Big Data Interoperability Framework: Volume 4, Security and Privacy.

  • speaker photo
    Chris Pin
    VP, Security and Privacy, PKWARE

    Chris Pin serves as PKWARE’s VP, Security and Privacy. In this role, Chris drives value and awareness for all PKWARE customers regarding the various challenges that both privacy and security regulations bring to the data-driven world. He works closely with all customers and potential customers to help them better understand how PKWARE solutions best fit into their environments and processes. He also works very closely with many other departments such as Sales, Marketing, Partners, and Product to help build brand awareness and product insights.

    With over 15 years of experience, Chris’s career began at the Pentagon where he supported the Army Headquarters as a Systems Engineer. Following his tenure at the Pentagon, he transitioned into global architecture and engineering for SOCOM, focusing on global networks and security. This is where he developed a deep understanding of what it takes to operate global networks at scale while ensuring the best security and privacy without jeopardizing the end-user experience.

    Prior to joining PKWARE as part of the Dataguise acquisition, Chris spent four years at Costco leading the data center migration of the e-commerce domain before transitioning into Privacy and Compliance where he was a PCI-ISA and assisted through yearly PCI assessments. Most notably, Chris also led Costco’s GDPR and CCPA efforts on a global scale, working with teams across the company, Infosec, development, policy, legal, employee education, change review, marketing, HR, buyers, and more.

    Chris has a CIPM certification and studied Aviation Management at Dowling College. When not working, he enjoys spending time with family, flying drones, kayaking, and adventuring the Pacific Northwest.

  • speaker photo
    James McGril
    Security Solutions Architect, Radware

    James is a Security Solutions Architect and one of Radware’s thought leaders in Network and Application Security. He's been with Radware for nearly 10 years. James is a self-described geek and enjoys learning about application security and building web applications using the latest technologies. In his off time, James enjoys hiking, surfing, and playing guitar.

  • speaker photo
    Cory Sutliff
    Technical Director, AttackIQ

    Practice Lead for Technical Account Management at AttackIQ. Cory has 20+ years' experience in IT focusing on security, seven+ years with the DoD. He has spent the last two years at AttackIQ delivering Security Optimization (BAS).

  • speaker photo
    Ryan Mostiller
    Regional Cybersecurity Manager, Faurecia

    Ryan has nearly 10 years of experience in defending large enterprise environments, specializing in Windows and Active Directory environments. Ryan has responsibility for Incident Response, Vulnerability Management, and the Management of all Security Tools and Controls. Ryan is a proud double alumnus from Oakland University as well as husband and father.

  • speaker photo
    Jason Rivera
    Director, Strategic Threat Advisory Group, CrowdStrike

    Jason Rivera has over 15 years of experience innovating at the intersection of security operations and technology. He was a former Intelligence Officer/Captain in the U.S. Army, had assignments with the National Security Agency (NSA) and U.S. Cyber Command (USCYBERCOM), and served in combat tours overseas. He has experience in the private sector and built threat intelligence and cybersecurity programs for large Fortune 500 companies and U.S. government agencies. He received his M.A. in Security Studies from Georgetown University, M.A. in Economics from the University of Oklahoma, and his B.A. in Political Science & Economics from the University of Nevada, Las Vegas.

  • speaker photo
    Bob Rudis
    Sr. Director, Chief Security Data Scientist, Rapid7

    Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avunculur, author (Data-Driven Security), speaker, and regular contributor to the open source community.

  • speaker photo
    James Christiansen
    CSO & VP, Cloud Security Transformation, Netskope

    James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.

    James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

    As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

    James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

  • speaker photo
    Arif Hameed
    Sr. Director, Client Security, Equifax Canada

    Arif Hameed is Senior Director at Equifax, where he leads a team that handles client cybersecurity due diligence activities including questionnaires, audits, remediation support, security schedules, etc. Prior to his role at Equifax, he worked at two of the largest banks in Canada in Security Advisory, IT Risk, Third Party Cyber Risk, and IT Audit.

  • speaker photo
    Mike Stacy
    Global Director, Cloud and Information Protection, Proofpoint

    Mike Stacy is the Global Cloud and Information Protection Director at Proofpoint. Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.

  • speaker photo
    Peter Chestna
    CISO of North America, Checkmarx

    Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.

    Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.

    Pete has been granted three patents. He enjoys whiskey tourism, astronomy model rocketry, and listening to Rush in his spare time.

  • speaker photo
    Joey Peloquin
    Principal Cloud Architect, Sales Engineering, Gigamon

    Joey Peloquin is an information and cyber security veteran, evolving over the years to specialize in multiple domains, including network, application, mobile, and for the last seven years, cloud security and architecture. Joey has held a variety of leadership roles over his career including security product ownership, head of consulting services at firms such as FishNet Security and GuidePoint Security, and head of cloud security operations and global incident response at Citrix. Joey has been active in the security community, publishing original research in publications such as Hakin9 magazine and speaking at conferences such as AWS re:Invent, BSides, and RVAsec.

  • speaker photo
    Christopher Hass
    Director of Information Security and Research, Automox

    Chris Hass is an extremely driven and proven information security professional with extensive experience in Malware Reverse Engineering, Threat Intelligence, and Offensive Security Operations. In his current role, Chris serves as Director of Information Security and Research at Automox. In addition to being a former cybersecurity analyst for the NSA, he also served as a principal research engineer at LogRhythm and helped fight off malware authors using AI/ML at Cylance. His unique experience makes him adept at understanding today's current threat landscape, and works passionately to secure Automox and its customers from today's cyber attacks.

  • speaker photo
    Tommy Todd
    Vice President of Security, Code42

    Tommy Todd is Vice President of Security at Code42 with over 20 years of cybersecurity experience, primarily focused on data privacy and data protection strategies. Prior to Code42, Tommy served in security roles at Symantec, Ionic Security, and Optiv as well as many other firms. Throughout his career, he has acted as a leader, mentor, engineer, architect, and consultant to solve difficult data protection challenges. Tommy is passionate about data – both consumer and commercial – and strives to improve the security posture in organizations he works with.

    Tommy earned his CISSP certification in 2007 and is an active member of the security community, both as a participant and as a public speaker, providing thought leadership on a wide range of security topics. He has spoken at his local DEF CON chapter meetings and regularly speaks on behalf of Code42 to help educate security professionals around collaboration-focused security solutions and practices.

  • speaker photo
    Alex Kirk
    Global Principal Engineer, Corelight

    Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.

  • speaker photo
    Krishna Ksheerabdhi
    VP, Product Marketing, Encryption, Thales Group

    Krishna has more than 25 years of experience leading Engineering and Business Strategy teams, including evaluating and integrating several key Thales acquisitions. Krishna has a Ph.D. in Computer Science and has worked on various topics, from compilers for supercomputers to operating systems for smart cards, leading skunkworks innovation projects to corporate entrepreneurship initiatives and M&A. He is currently responsible for marketing Thales’ Encryption products.

  • speaker photo
    Michael Muha, PhD, CISSP, CISM, CIPM, Certified GDPR Practitioner
    Chief Information Security & Privacy Officer, WorkForce Software

    Mike drove the global expansion of WorkForce Software’s cloud-based workforce management products from one data center to eight across the US, Europe, Canada, and Australia, and directed all compliance efforts (starting with SAS 70 and moving onto SOC 1, ISAE 3402, SOC 2, ISO 27001 certification, and EU-US Privacy Shield certification). Having led the company’s GDPR journey, he’s currently implementing a “Personal Information Management System” and additional global security controls to protect company and customer data.

  • speaker photo
    Michael Schladt
    Principal Cybersecurity Researcher, General Electric Gas Power

    Mike Schladt, CISSP, GREM, is an information security researcher and engineer with over 12 years' experience performing malware analysis, reverse engineering, digital forensics, and incident response. Previous roles include leading malware analysis at the USAF National Air and Space Intelligence Center, as well as heading the development of endpoint detection technologies for a cybersecurity startup. For the past seven years, Mike has been the technical lead of the GE Gas Power cyber operations team, where his duties have included managing incident response, threat hunting, attack surface analysis, and offensive security research.

  • speaker photo
    John M. Wilke
    Sr. Product Marketing Manager, Okta

    John Wilke is a Senior Product Marketing Manager at Okta who is currently focused on aligning the impact of Okta's SaaS solutions with the core business goals of Okta's most strategic customers. He was previously responsible for the expansion of Okta's Business Value team for the West Coast and Asia Pacific regions.

  • speaker photo
    Stephen Gates
    Security Evangelist & Sr. Solution Specialist, Checkmarx Inc.

    Stephen Gates brings more than 15 years of information security experience to his role as Security Evangelist and Senior Solution Specialist at Checkmarx. He is an SME with an extensive hands-on background in security and is a well-known writer, blogger, presenter, and published author who is dedicated to conveying facts, figures, and information that brings awareness to the security issues all organizations face.

  • speaker photo
    Sam Curry
    Chief Product and Security Officer, Cybereason
  • speaker photo
    Tim Mackey
    Principal Security Strategist, Synopsys

    Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, Black Hat, Open Source Summit, KubeCon, OSCON, DevSecCon, DevOpsCon, Red Hat Summit, and Interop. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, Forbes, Dark Reading, TEISS, InfoSecurity Magazine, and The Straits Times. Follow Tim at @TimInTech on Twitter and at mackeytim on LinkedIn.

  • speaker photo
    Alex Jones
    Information Security Manager, Cobalt.io

    Alex Jones is an Information Security professional with eight plus years of direct security and compliance experience. He also has an extensive background in media, audio, and communications prior to working in the security field. He is currently the Information Security Manager for the leading Pentest as a Service Company, Cobalt.io. Prior to joining Cobalt, Alex has led security and compliance initiatives at Hudson’s Bay Company, Gainsight, Express Scripts and Cognizant.

  • speaker photo
    Matt Downing
    Director, Threat Hunting Operations, ReversingLabs

    Matt is Director of Threat Hunting Operations at ReversingLabs where he helps to operationalize the implementation of ReversingLabs tools and massive dataset to help make networks more secure. Matt is a dedicated blue teamer and threat hunter. Prior to his role at ReversingLabs, Matt held many roles supporting threat research and security operations.

  • speaker photo
    Adam Meyers
    SVP, Intelligence, CrowdStrike
  • speaker photo
    Laura Clark
    CSO, State of Michigan - Department of Technology, Management and Budget

    Chief Security Officer for the Michigan Department of Technology, Management & Budget, Laura Clark brings a unique blend of strengths that include leadership, vision, and strategic and tactical planning, along with the ability to promote collaboration at all levels to support high-level, critical state-wide projects to successful completion.

    As CSO, Laura is responsible for Michigan Cyber Security and Infrastructure Protection Services and the deployment of their resources. Through Laura’s effective leadership, her team can ensure that critical processes are audited, reviewed, and designed for maximum effectiveness, and structures for all cybersecurity and infrastructure protection are effectively delivered and operationalized throughout the enterprise. Laura also supports the Chief Security Officer by providing well-developed and researched strategic recommendations on cybersecurity policy and future department direction.

  • speaker photo
    Adam Ford
    CISO, Illinois Department of Innovation & Technology (DoIT)
  • speaker photo
    Bridget Kravchenko
    CISO, Meritor

    Bridget Kravchenko is the Senior Director, Chief Information Security Officer for Meritor, responsible for information security, IT risk, and compliance globally. She has responsibility for developing a strategic security plan, security metrics, security programs, risk management, and incident response.

    Bridget has served in a CISO or equivalent role for the last nine years across multiple industries, including manufacturing, healthcare, and government. She has served on the Michigan InfraGard Board for the past six years and she is always looking for opportunities to support the cybersecurity community.

    She is a CyberPatriot coach for the Michigan Bloomfield Hills, High School. She is a living Kidney Donor and celebrates 16 years for her Dad's new kidney. She is a proud Mother of an Eagle Scout, with hopefully a second Eagle Scout coming soon.

  • speaker photo
    Dan Lohrmann
    CSO, Security Mentor; Former CISO, State of Michigan

    Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker, and author. He has been a keynote speaker at global security and technology conferences from South Africa to Dubai and from Washington D.C. to Moscow. During his distinguished career, Dan has served global organizations in the public and private sectors in a variety of executive leadership capacities, receiving numerous national awards including: CSO of the Year, Public Official of the Year and Computerworld Premier 100 IT Leader. In 2017, Dan was awarded the cybersecurity breakthrough CISO of the year for global security products and services companies.

    He led Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014, including enterprise-wide Chief Security Officer (CSO), Chief Technology Officer (CTO), and Chief Information Security Officer (CISO) roles in Michigan.

    Dan currently serves as the CSO and Chief Strategist for Security Mentor, Inc., where he leads the development and implementation of Security Mentor’s industry-leading cyber training, consulting, and workshops for end-users, managers, and executives in the public and private sectors. He has advised senior leaders at the White House, National Governor’s Association (NGA), National Association of State CIOs (NASCIO), U.S. Department of Homeland Security (DHS), federal, state and local government agencies, Fortune 500 companies, small businesses, and non-profit institutions.

    Dan has more than 30 years of experience in the computer industry, beginning his career with the National Security Agency. He worked for three years in England as a senior network engineer for Lockheed Martin (formerly Loral Aerospace) and for four years as a technical director for ManTech International in a US/UK military facility.

    He is the author of two books: "Virtual Integrity: Faithfully Navigating the Brave New Web" and "BYOD For You: The Guide to Bring Your Own Device to Work." He is the co-author of the upcoming (November 2021) Wiley book, "Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from the Inevitable."

    Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store