- Wednesday, April 17, 2019
9:00 am
[SecureWorld PLUS] Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
9 a.m. - 3 p.m. • Earn 12 CPEs!
CISO and Adjunct Faculty, University of Massachusetts
Registration Level:
9:00 am - 3:00 pm
Location / Room: West Alabama
- SecureWorld Plus
The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the Framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report
The class will help individuals and organizations acquire knowledge, skills, and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the instructor:
- Larry Wilson has been the CISO for the UMass President’s Office since 2009.
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
- Thursday, April 18, 2019
7:00 am
Registration Open
Registration Level:
7:00 am - 3:00 pm
Location / Room: Registration Desk
8:00 am
Exhibit Floor Open
Registration Level:
- Open Sessions
8:00 am - 3:00 pm
Location / Room: Exhibitor Floor
- Open Sessions
This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!
8:15 am
ISSA and ISACA Joint Chapter Meeting and Presentation - Open to All Attendees
Topic: Securing the Skies by Using the Blockchain
Founder and CEO, TapJets
Registration Level:
8:15 am - 9:15 pm
Location / Room: Keynote Theater
- Open Sessions
We all know that the safety of flight is a succession of three major components: regulatory compliance, pilot training and experience, and aircraft maintenance. If any of these components fail, an accident is bound to happen. Now imagine you are boarding a private jet: what do you know about the pilots up front, the maintenance and compliance history of the aircraft you just boarded, and the company that operates it?
In an industry where each company is responsible for its own record keeping, pilots self-record their hours in personal logbooks, and maintenance records are kept on paper or in disparate software solutions, the Blockchain solves the dilemma of ensuring compliance, adds transparency, and builds trust.
Learn about Blockchain and how it is changing the aviation safety and audit capabilities.
8:30 am
Phishing, Man-in-Middle: Making Sense of Strong Authentication
FIDO Opportunities, Challenges and Alternatives
Director, Information Security Risk Management, Experian
Registration Level:
8:30 am - 9:15 am
Location / Room: West Alabama
- Conference Pass
In this presentation we look at FIDO2 closely, discuss some of the challenges with FIDO, and what sort of attack vectors would be on the horizon when the technology picks up. Further, how would Identity providers need to evolve, especially in the context of federated services and the services consumption model.
1. Overview of current strong authentication system attacks and risks.
2. What is FIDO? Public-private key adoption on end devices; risks and challenges.
3. What is the splintered authentication space evolution — tradeoffs and alternatives.
4. Novel solution to MiM as a stand-alone, a stop-gap, and a complement to existing and new FIDO adoption.
5. Evolution roadmap
8:30 am
The Legal Component of Incident Response
Registration Level:
8:30 am - 9:15 am
Location / Room: Sage
- Conference Pass
Legal obligations attach when a data privacy or security incident occurs. An important component to responding to any data incident requires analysis of various international, state, and sectoral laws and regulations applicable to a given incident. This discussion will highlight the current and future legal climate of incident response.
9:30 am
OPENING KEYNOTE: Computer Threats
Registration Level:
9:30 am - 10:30 am
Location / Room: Keynote Theater
- Open Sessions
Join Samuel Sutton—CASP, CISM, and Computer Scientist with the FBI—to discuss some of the dangers to your computers and personal information. This will include some topics to help you make better security decisions.
This will be a walk-through of various computer threats as seen from the FBI perspective.
– Who is targeted?
– Who are the actors?
– Types of attack methods
Information will be shared that will help strengthen your computer world.
– Important statistics
– A few real examples
– Some conceptual models
– Pointers to additional resources
10:30 am
Conference Break / Exhibitor Product Demonstration
Registration Level:
10:30 am - 11:15 am
Location / Room: Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Advisory Council Roundtable - (VIP / Invite Only)
Registration Level:
11:00 am - 12:00 pm
Location / Room: Richmond
- VIP / Exclusive
This roundtable is for our Advisory Council Members only.
11:15 am
Humio: The Mitre ATT&CK Framework Is for All of Us, and It Is Time to Pay Attention to It
Registration Level:
11:15 am - 12:00 pm
Location / Room: Rice
- Open Sessions
Mitre has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) base to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of the ATT&CK base is that it allows us to build a framework to understand how we might detect, respond to, and prevent many of the tactics. The ATT&CK framework provides a way for us to map the technologies and procedures we have, and then map any gaps that can then be addressed. The goal in the end is to improve prevention and/or shore up our defenses.
11:15 am
When the Cyber Intrusion Alarm Rings, Will You Know?
Registration Level:
11:15 am - 12:00 pm
Location / Room: Sage
- Conference Pass
There are numerous cybersecurity products, architectures, and cyber risk management best practices to help harden your enterprise perimeter, improve preventive and detective controls, and mature overall cybersecurity posture. Yet data breaches continue. Could it happen to your business? Would you know it was happening? A pre-breach assessment may provide a quicker answer on a regular basis.
Like the business environment, cybersecurity risk management is complicated. There are multiple variables changing subtly throughout the year. Similarly, expenditures on security skilled people, security related processes, and security technologies are subject to entropy and may lose potency as your company’s cybersecurity risk profile changes. Legacy security activities can lose focus of adapting to emerging security risks in favor of automating routine security activities.
11:15 am
Navigating to the Cloud
Registration Level:
11:15 am - 12:00 pm
Location / Room: Keynote Theater
- Open Sessions
This presentation will discuss lessons learned, what works, what to avoid, and myths about the cloud.
Takeaways: dashboards, governance, competency and cloud standards.
11:15 am
Establishing a Workable Security Program on a Tight Budget
Registration Level:
11:15 am - 12:00 pm
Location / Room: West Alabama
- Open Sessions
Ask any Security Professional…We never seem to have all the resources or people we need for our Security Programs. It’s just a “fact of life”, so maybe we ought to shift the perspective. Our Security Programs should focus on providing “Good Enough” security for our specific business risks and risk appetite.
This session will present advice and options for establishing a workable security program that fits within the reality of your Organizational and Financial constraints.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Registration Level:
12:00 pm - 1:15 pm
Location / Room: Richmond
- VIP / Exclusive
This lunch roundtable is for our Advisory Council members only.
12:15 pm
[LUNCH KEYNOTE] Why Teams, Strategies, and Processes Are Essential for Managing Cyber Risk
Registration Level:
12:15 pm - 1:15 pm
Location / Room: Keynote Theater
- Open Sessions
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
· Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and are affected by personalities and psychology
· How to prioritize limited resources to effectively manage the most likely real-world risks
· How to achieve reasonable cybersecurity
· Why cyber insurance is a critical component of the cyber risk management process
1:30 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level:
1:30 pm - 2:30 pm
Location / Room: Keynote Theater
- Open Sessions
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say, but how? By taking a look at the capabilities of the threats we see today, we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing and hoping.
Michael Gough, IMF Security
Loyd McBride, Keysight
Paul Brager, Baker Hughes GE
Eugene Kesselman, Tapjets
Paul Berryman, Deloitte
David O’Neil, Kudelski Security
Moderator: John Jorgensen, ABS Advanced Solutions
1:30 pm
Panel: You Got Burned, Now What? (Incident Response)
Registration Level:
1:30 pm - 2:30 pm
Location / Room: West Alabama
- Open Sessions
We’ve all heard the adage that it’s not if it happens but when you are inevitably breached… Do you have a plan? Even a framework to go off of? What do you include? Who do you include? How often should you be practicing this plan? Join our experts as they discuss incident response plans, who should be involved, best practices, and pitfalls.
Gregg Braunton, Catholic Health Initiatives
Duwayne Engelhardt, Wallisbank
Eric Botts, Swailes & Company
Manoj Tripathi, PROS
Ram Yarlagadda, Pulse Secure
Paul Schofield, enSilo
Moderator: Berris Bramble
2:30 pm
Conference Break / Exhibitor Product Demonstration
Registration Level:
2:30 pm - 3:00 pm
Location / Room: Exhibitor Floor
- Open Sessions
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:45 pm
Dash for Prizes and CyberHunt Winners Announced
Registration Level:
2:45 pm - 3:00 pm
Location / Room: Exhibitor Floor
- Open Sessions
Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.
3:00 pm
Employer Data Breach Liability: The Employee as a Threat Vector
Learn 6 big decisions organizations must make in response to insider threat
Founder, Herrin Health Law, P.C.
Registration Level:
3:00 pm - 3:45 pm
Location / Room: Sage
- Conference Pass
According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.
3:00 pm
The Divergence and (re)Convergence of the CIO and CISO Roles
Registration Level:
3:00 pm - 3:45 pm
Location / Room: Rice
- Conference Pass
There has been considerable effort spent over the decades to achieve a clear separation between the CIO and CISO roles. However, this separation creates inefficiency in the organization, and attempts to separate what is essentially one logical entity—Information Security. This session will start a discussion on the pros and cons of such an approach and propose an integrated approach to security program management.
3:00 pm
Steganography: How to Prove It Is You
Registration Level:
3:00 pm - 3:45 pm
Location / Room: West Alabama
- Conference Pass
Steganography is as old as the written word, and can prove it is you by using “Hidden Writing.”
- ACFE Houston
Booth: 500
We are the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. The mission of the ACFE Foundation is to increase the body of anti-fraud knowledge by supporting future anti-fraud professionals worldwide through the funding of the Ritchie-Jennings Memorial Scholarship Program. The scholarship program provides an opportunity for men and women of all ages, races, religions and income levels to advance their education. Many of these outstanding and deserving students go on to become Certified Fraud Examiners.
- Bitdefender
Booth: 210
Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.
From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.
- BitSight Technologies
Booth: 820
BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company’s Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third party risk, benchmark performance, and assess and negotiate cyber insurance premiums. For more information, please visit www.bitsighttech.com or follow us on Twitter (@BitSight)
- Bugcrowd Inc.
Booth: 520
By combining the world’s most experienced team of bounty experts and the market’s only enterprise-grade bug bounty platform, Bugcrowd connects organizations to a global crowd of trusted security researchers to identify vulnerabilities—before the adversaries do.
- Check Point Security
Booth: TBD
Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- enSilo
Booth: 600
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- Global Cyber Alliance
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuidePoint Security LLC
Booth: 820
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- Humio
Booth: 620
Humio is a solution for aggregating, exploring, reporting, and analyzing log data in real-time. It gathers log data from a range of sources and can be deployed in both Cloud and On-Premises environments. Humio’s innovative data storage and in-memory search/query engine technologies provide a cost-competitive log management and analysis solution that requires significantly less hardware, engineering resources, and licensing costs vs. competing solutions. Humio has offices in London, San Francisco, and Aarhus, DK.
- InfoSec-Conferences.com
Booth: n/a
We’re the InfoSec community’s #1 ‘Go To’ resource for cybersecurity conference listings. Since 2012 we’ve provided cybersecurity professionals with accurate event listings that are manually checked and updated every day.
- InfraGard Houston
The Houston Chapter of InfraGard provides members of the Critical Infrastructure community a means to share information to prevent, protect, and defend against hostile acts against Critical Infrastructure and Key Resources (CIKR). InfraGard is designed to address the need for private and public-sector information-sharing mechanisms at both the national and local levels. It is our goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.
- ISACA Houston
Booth: 200
Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. We conduct chapter meetings the third Thursday of the month that typically includes a morning or afternoon training along with a luncheon meeting/training. We also sponsor SIG group meetings on the same day. Local seminars are held in the spring and fall that include topics of high relevance to our membership community. Certification training is scheduled before each ISACA exam date based on interest level.
- Ixia, a Keysight Business
Booth: 220
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- ISSA South Texas
Booth: 300
The South Texas Chapter of the Information Systems Security Association (ISSA) is a non-profit organization of information security professionals and practitioners. South Texas ISSA provides education forums, publications and peer interaction opportunities which enhance the knowledge, skill and professional growth of its members. This Chapter is affiliated with the international ISSA organization, conforms to its professional and organizational guidelines, and supports the ISSA Code of Ethics. We encourage our members to pursue and maintain formal security certifications in their chosen fields and offer training opportunities to help members meet requirements for continuing education.
- Jazz Networks
Booth: 610
Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.
- Kudelski Security
Booth: 800
Kudelski Security is the premier cybersecurity innovator for Fortune 500 organizations. Our approach continuously evaluates customer’s security posture to reduce risk, maintain compliance and increase security effectiveness. Our partner, Wombat Security Technologies provides awareness and training to teach secure behavior. Wombat’s solutions reduce phishing attacks and malware infections up to 90%.
- Lockpath
Booth: 320
Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.
- LOG-MD
Booth: 620
IMF Security, the home of LOG-MD is a Windows incident response, auditing, investigation, and hunting tool. LOG-MD helps evaluate Windows audit log configurations, and provides recommendations for logging improvements. LOG-MD in conjunction with a log management solution such as Humio provides a strong Windows detection, investigation, and hunting solution.
- Lookout
Booth: 230
Lookout is a cybersecurity company that makes it possible for individuals and enterprises to be both mobile and secure. With 100 million mobile sensors fueling a dataset of virtually all the mobile code in the world, the Lookout Security Cloud can identify connections that would otherwise go unseen—predicting and stopping mobile attacks before they do harm.
- Pulse Secure
Booth: 830
Pulse Secure provides easy, comprehensive software-driven Secure Access solutions for people, devices, things and services that improve visibility, protection and productivity for our customers. Our suites uniquely integrate cloud, mobile, application and network access to enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and service providers across every vertical entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.
- SecureAuth
Booth: 310
SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee, customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.
- SIM Houston
Booth: TBD
Recognizing the unique needs of the industry, SIM collects the intellectual capital of IT leaders nationwide and offers the resources you need to do business better. Membership in the SIM Houston Chapter continues to grow as well as the number of activities both in educational, community, and social programs.
- Synopsys
Booth: 510
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- Larry Wilson
CISO and Adjunct Faculty, University of Massachusetts
Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.
- Eugene Kesselman
Founder and CEO, TapJets
Eugene Kesselman is Founder and CEO of TapJets, the on-demand private jet charter company headquartered in Houston, Texas. Since 2015 the company has been using blockchain ledger technology to conduct its business and since 2016 became the first private aviation company to instantly accept cryptocurrency as a form of payment for its services. As an early adopter of blockchain and cryptocurrency, Mr. Kesselman and his team enjoyed the first-hand experience, trials, and successes of this new and exciting technology segment. They are sharing this knowledge with others through education and outreach to other IT and Development professionals. Before founding TapJets, Mr. Kesselman spent over 20 years in Information Technology as CIO and various key IT executive roles. Mr. Kesselman received his CISM certification in 2014.
- Girish Chiruvolu
Director, Information Security Risk Management, Experian
Dr. Chiruvolu is a CISSP/CISM and has spent several years in the security industry and in particular Finance/e-Commerce and Enterprise industries on cloud/SaaS technologies. He is currently Director Information Security and risk management, and has led several successful programs on several fronts of Information Security, Risk management and Compliance at Fortune 500 companies such as Experian, Thomson Reuters, Citi, Capital One, Truesigna Systems, Inc. on application security, secure cloud transformation, vulnerability and threat management. He is passionate about strong user authentication, Identity and Access management and has co-authored over 40 refereed technical papers and has 20+ patents. He holds a Ph.D in Computer Science and an MBA in Marketing and Finance.
- Jeremy Rucker
Attorney, Spencer Fane LLP
As a cybersecurity and data privacy attorney in the Dallas office of Spencer Fane LLP, Jeremy Rucker has assisted companies of all sizes in responding to data security and privacy incidents. The expertise of Jeremy and his Spencer Fane colleagues covers several industries including healthcare, banking and finance, insurance, energy, transportation, and manufacturing.
- Samuel Sutton
Computer Scientist, FBI, Houston Cyber Squad
Samuel Sutton is an FBI Computer Scientist. Since 1992 he has worked in Headquarters and Field Offices across the country. He is currently assigned to a Cyber Squad of the Houston Office. Specializing in Computer Security, Network Forensics, "Enhanced Network Capabilities", and Information Security Management, his skills have been applied to develop technical solutions against foreign networks, establish secure domestic networks, and analyze the techniques used during intrusions upon commercial and sensitive networks. Samuel has degrees in Electronics and Industrial Technology specializing in Digital Systems along with a Business minor. He holds professional certifications such as Security+, CASP, and CISM.
- Michael Gough
Founder, IMF Security
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also blogs on HackerHurricane.com on various InfoSec topics. Michael also is co-host of the “Brakeing Down Incident Response” BDIR Podcast to educate on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.
- Norman Comstock, Managing Director, UHY Advisors TAP, Inc.
Norman is President and Managing Director of UHY Advisors TAP, Inc., a subsidiary of UHY Advisors, bringing over 25 years of experience in strategic consulting services. Norman advises clients on enterprise risk management, IT assurance and governance, and cybersecurity. He is also an Instructor for courses in Business Ethics, and Governance, Risk, and Compliance at the C.T. Bauer School of Business at the University of Houston. Norman served as VP of Technology for IIA Houston 2011-2014, and served as President of the ISACA Houston Chapter 2012-2016. He maintains several certifications in security and assurance, including: CISSP, QSA, CISA, CGEIT, CIA, CRMA, and CCSA.
- Mario Chiock, Fellow & CISO Emeritus, Schlumberger
Mario Chiock possesses over 37 years of experience in Oil Field operations, IT, Security, Risk, Privacy and Auditing. Prior to his current role as Schlumberger Fellow, Mario was the CISO at Schlumberger where he was responsible for developing the company’s worldwide, long-term cyber security strategy. He is recognized for his leadership and management in all aspects of cybersecurity throughout the company as well as within the community.
Through his vision, he successfully transitioned Schlumberger from legacy firewalls to a more robust infrastructure based on next-generation firewalls. His experience in successfully deploying advanced technologies and approaches also spans Incident Response, Advanced Threat Prevention, and Digital Rights Management to watermark & fingerprint sensitive documents. He also implemented federation services to minimize 3rd party risk and created the extended security team to foster collaboration with other IT groups. Mario is also known for applying his Lean Six Sigma expertise for measuring performance and creating
Outside of Schlumberger, Mario has been an active member of the Information Systems Security Association (ISSA) for over 20 years; he has held numerous board positions in the Austin, Capital of Texas Chapter, as well as the South Texas Chapter in Houston. He was president of the South Texas Chapter in 2007, bringing in the “Chapter of the Year” award. He continues to serve on the board. Mario is also an active volunteer trainer for security certifications such as CISM, CISA & CRISC, and has mentored many successful CSOs & CISOs in the Austin & Houston area. He is also very active with Evanta as a speaker and instructor for their CISO Institute. In 2015 he was a speaker for the SPE and API conference and in 2016 he was a panelist at the GEO2016 conference in Bahrain. In 2018 he was awarded the South Central Region InfraGard Award for “INMA Leadership!”.
Mario was recognized as one of the top 25 out of more than 10,000 security executives in the ExecRank 2013 Security Executive Rankings. He also won the 2012 Central Information Security Executive (ISE) “People Choice Award”. In 2014 he was a recipient of the CSO40 – 2014 award, was named “ISSA Fellow”, won the ISC2 Americas Information Security Leadership Awards (ISLA), and won the “ISSA Honor Roll” award. In 2017 he received the InfraGard Houston award of excellence for the Private-Public Partnership in Cybersecurity. He is an active member of the Houston Security community and gives security talks and training, and volunteers his IT security expertise to local non-profit organizations. He is currently a board member of the Houston InfraGard Chapter and has served on Executive & Technical Advisory boards of many security companies such as WatchFire (now IBM), ISS (now IBM), and Qualys. He is currently active on the Palo Alto Networks advisory board, is also serving on the Google Cloud Platform advisory board, and is a strategic advisor to Onapsis as well as a Board member.
Mario holds CISSP, CISM & CISA certifications, is past chair for the American Petroleum Institute Information (API) Security Sub-Committee, and was involved in the formation of the Oil & Gas ISAC. He is co-author of "Navigating the Digital Age, Second Edition."
- Anne Rogers, COO/CSO, ERASCOGroup, LLC
- Shawn E. Tuma, Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.
- Barry Herrin, Founder, Herrin Health Law, P.C.
Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the InfraGard National Member Alliance.
- Manoj Tripathi, VP, IT & Security, PROS
Manoj Tripathi serves as PROS Vice President, IT & Security. Manoj is responsible for the global IT, Security & Governance vision, strategy, operations and execution. Manoj puts special emphasis on innovative practices to align the IT, Security & Governance frameworks with the business objectives to achieve meaningful and sustainable results in the most efficient way. Manoj is CISSP and C|CISO certified, is an accomplished speaker, and has presented at multiple security conferences.
- Kalani Hausman, Adjunct Professor, University of Maryland University College