Conference Agenda
  • Wednesday, April 17, 2019
    9:00 am
    SecureWorld PLUS - Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework
    9 a.m. - 3 p.m. • Earn 12 CPEs!
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm

    The University of Massachusetts has developed a 6-hour SecureWorld PLUS training class that instructs attendees on the best practices for designing, building, and maintaining a cybersecurity program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the Framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the Framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M), and Executive Report

    The class will help individuals and organizations acquire knowledge, skills, and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the instructor:

    • Larry Wilson has been the CISO for the UMass President’s Office since 2009.
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation.
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past five years.
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework.

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
  • Thursday, April 18, 2019
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    8:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    8:30 am
    Phishing, Man-in-Middle: Making Sense of Strong Authentication
    FIDO Opportunities, Challenges and Alternatives
    Director, Information Security Risk Management, Experian
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    In this presentation we look closely at FIDO2, discuss some of the challenges with FIDO, and consider what sort of attack vectors would be on the horizon when the technology picks up. Further, how would identity providers need to evolve, especially in the context of federated services and the services consumption model?

    1. Overview of current strong authentication system attacks and risks.

    2. What is FIDO? Public-private key adoption on end devices; risks and challenges.

    3. What is the splintered authentication space evolution — tradeoffs and alternatives.

    4. Novel solution to MiM as a stand-alone, stop-gap, and complement to existing and new FIDO adoption.

    5. Evolution roadmap

     

    8:30 am
    The Legal Component of Incident Response
    Attorney, Spencer Fane LLP
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Legal obligations attach when a data privacy or security incident occurs. An important component of responding to any data incident is analysis of the various international, state, and sectoral laws and regulations applicable to a given incident. This discussion will highlight the current and future legal climate of incident response.

     

    8:30 am
    Common Crypto Pitfalls
    Doing crypto right is easier than you might think.
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am

    Today we use cryptography almost everywhere, from surfing the web over HTTPS to working remotely over SSH. In modern crypto we have all the building blocks to develop secure applications. However, we see instances of insecure code everywhere. Most of these vulnerabilities are not because of theoretical shortcomings, but due to bad implementation or flawed protocol design. Cryptography is a delicate art where nuances matter, and failure to comprehend the subtleties of these building blocks leads to critical vulnerabilities. To add insult to injury, most of the resources available are either outdated or wrong, and, inarguably, using bad crypto is more dangerous than not using it. In this talk we look at examples from real-world applications and the most common cryptographic pitfalls.

    9:30 am
    OPENING KEYNOTE:
    Assistant Director, Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency (CISA), DHS
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable - (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm

    This roundtable is for our Advisory Council Members only.

    11:15 am
    Humio: The Mitre ATT&CK Framework Is for All of Us, and It Is Time to Pay Attention to It
    Founder, IMF Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Mitre has created the “Adversarial Tactics, Techniques & Common Knowledge” (ATT&CK) base to help security practitioners understand the actual techniques and tactics that adversaries use against us. The advantage of the ATT&CK base is that it allows us to build a framework to understand how we might detect, respond to, and prevent many of the tactics. The ATT&CK framework provides a way for us to map the technologies and procedures we have, and then map any gaps that can then be addressed. The goal in the end is to improve prevention and/or shore up our defenses.

    11:15 am
    When the Cyber Intrusion Alarm Rings, Will You Know?
    Managing Director, UHY Advisors TAP, Inc.
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    There are numerous cybersecurity products, architectures, and cyber risk management best practices to help harden your enterprise perimeter, improve preventive and detective controls, and mature overall cybersecurity posture. Yet data breaches continue. Could it happen to your business? Would you know it was happening? A pre-breach assessment may provide a quicker answer on a regular basis.

    Like the business environment, cybersecurity risk management is complicated. There are multiple variables changing subtly throughout the year. Similarly, expenditures on security-skilled people, security-related processes, and security technologies are subject to entropy and may lose potency as your company’s cybersecurity risk profile changes. Legacy security activities can lose focus on adapting to emerging security risks in favor of automating routine security activities.

     

    11:15 am
    GDPR Compliance 101
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    This presentation outlines the requirements of the EU General Data Protection Regulation and highlights key compliance challenges.

    11:15 am
    View From the Top: The Board’s Role in Cybersecurity Oversight
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm

    In recent board surveys, cybersecurity has been identified as one of the top concerns for corporate directors. From the vantage point of a public company director and risk committee chair, this presentation will discuss the role of the board in cybersecurity oversight, including:

    • Board expectations and industry standards
    • Integration with enterprise risk management
    • Quantification of cyber risk
    • Board-level cyber risk reporting and decision-making

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm

    This lunch roundtable is for our Advisory Council members only.

    12:15 pm
    LUNCH KEYNOTE: Why Teams, Strategies, and Processes are Essential for Managing Cyber Risk
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of real-world cybersecurity and data breach cases. He will share his experience on:
    • Why cybersecurity is an overall business risk that must be properly managed to comply with laws and regulations
    • Why strategic leadership is critical in cybersecurity
    • Why teams are critical for cybersecurity and are affected by personalities and psychology
    • How to prioritize limited resources to effectively manage the most likely real-world risks
    • How to achieve reasonable cybersecurity
    • Why cyber insurance is a critical component of the cyber risk management process
    1:15 pm
    Cloud and Outsourcing, Oh No
    Registration Level:
    • Conference Pass
    1:15 pm - 2:15 pm

    Everyone does some sort of outsourcing or uses the cloud. Do you have the necessary requirements and third-party programs built and implemented? Many companies continue to say “Oops, I forgot” or “Oops, I didn’t think about that.” What are the basic items that need to be in place BEFORE you contract?

    1:15 pm
    A Cybersecurity Policy That Crosses Borders
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    Searle will discuss a global cybersecurity policy initiative that she is working on with the University of Washington’s Jackson School of International Studies and the Wilson Center in Washington, D.C. She’ll speak more broadly on how cybersecurity policy can influence international law and regulation.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

     

    1:15 pm
    Panel: Access Control – the End of the Password?
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting at our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Biometrics? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes and CyberHunt Winners Announced
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have your badge scanned with participating exhibitors. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win.

    3:00 pm
    Employer Data Breach Liability: The Employee as a Threat Vector
    Learn 6 big decisions organizations must make in response to insider threat
    Founder, Herrin Health Law, P.C.
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    According to a 2014 IBM study, 31.5% of all cybersecurity incidents were perpetrated by malicious insiders, and 23.5% resulted from the activities of non-malicious insider threats. In 2017, statistics reported by the MIT Sloan Interdisciplinary Consortium showed that between 67% and 80% of cybersecurity incidents were linked to persons with legitimate access to the breached data infrastructure. A 2018 Ponemon Institute report confirms that this upward trend is not abating, as 64% of successful cyber attacks resulted from privileged user negligence, with another 23% being perpetrated by malicious insiders – a total of 87% of all incidents. Education having failed in many instances, with criminals becoming ever more sophisticated, and with the return on investment for perimeter defenses becoming slight, perhaps employers should consider their employees threat vectors and not innocent victims in cybercrime.

     

    3:00 pm
    Shifting from “Incident” to “Continuous” Response
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    The core of the next-generation security protection process will be continuous, pervasive monitoring and visibility that is constantly analyzed for indications of compromise. Security monitoring will encompass as many layers of the IT stack as possible, including network activity, endpoints, system interactions, application transactions, and user activity.
    My presentation will provide several security related scenarios where centralized security data analytics and adaptive security architecture are used to respond in a dynamic way to enable this next generation security protection. The design and benefit of joining the foundational elements of intelligence, context, and correlation with an adaptive architecture will be discussed. I will look behind the curtain of “marketecture” to the real and aspirational solutions for the SOC that will likely materialize as vendor products mature over the next few years.

    3:00 pm
    Internet of Things Security and You
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm

    IoT is older than you may imagine and each new advance came with a set of security issues. Learn from history, incidents and controls. Modern IoT is complex; architectures have many common emergent issues but it is possible to make good decisions if you understand the trade-offs.

    3:00 pm
    Steganography: How to Prove It Is You
    Adjunct Professor, University of Maryland University College
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Steganography is as old as the written word, and can prove it is you by using “Hidden Writing.”
Exhibitors
  • ACFE Houston
    Booth:

    We are the world’s largest anti-fraud organization and premier provider of anti-fraud training and education. The mission of the ACFE Foundation is to increase the body of anti-fraud knowledge by supporting future anti-fraud professionals worldwide through the funding of the Ritchie-Jennings Memorial Scholarship Program. The scholarship program provides an opportunity for men and women of all ages, races, religions and income levels to advance their education. Many of these outstanding and deserving students go on to become Certified Fraud Examiners.

  • Arista Networks
    Booth:

    Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments. Arista’s award-winning platforms, ranging in Ethernet speeds from 10 to 100 gigabits per second, redefine scalability, agility and resilience. Arista has shipped more than 15 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Committed to open standards, Arista is a founding member of the 25/50GbE consortium. Arista Networks products are available worldwide directly and through partners.

  • Bitdefender
    Booth: TBD

    Powered by its depth of security expertise and rapid pace of research and development, Bitdefender’s long-standing mission is to deliver transformative security technologies to the world’s users and organizations. We are innovators, creating breakthrough technology that radically improves our customer’s experience with security.

    From IoT to Data Centers, from endpoints to hybrid infrastructures – Bitdefender plays a transformational role in how security is best consumed, deployed, and managed. We strive to deliver products and services that radically alter the customer’s experience with security, in terms of efficacy, performance, ease of use and interoperability.

  • Check Point Security
    Booth:

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Global Cyber Alliance
    Booth:

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • InfoSec-Conferences.com
    Booth: n/a

    We’re the InfoSec Community’s #1 ‘Go To’ resource for Cybersecurity Conferences. Since 2012 we’ve provided Cybersecurity Professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Houston
    Booth:

    The Houston Chapter of InfraGard provides members of the Critical Infrastructure community a means to share information to prevent, protect, and defend against hostile acts against Critical Infrastructure and Key Resources (CIKR). InfraGard is designed to address the need for private and public-sector information-sharing mechanisms at both the national and local levels. It is our goal to improve and extend information sharing between private industry and the government, particularly the FBI, when it comes to critical national infrastructures.

  • ISACA Houston
    Booth:

    Our aim is to sponsor local educational seminars and workshops, conduct regular chapter meetings, and help to further promote and elevate the visibility of the IS audit, control and security profession throughout the area. We conduct chapter meetings the third Thursday of the month that typically include a morning or afternoon training along with a luncheon meeting/training. We also sponsor SIG group meetings on the same day. Local seminars are held in the spring and fall that include topics of high relevance to our membership community. Certification training is scheduled before each ISACA exam date based on interest level.

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Jazz Networks
    Booth: TBD

    Jazz Networks is a cyber analytics platform that simplifies insider threat detection and breach prevention. It works by collecting rich metadata before it’s encrypted from endpoints and servers, with machine learning analyzing to identify behavioral pattern changes. Alarms are raised for events that require attention and response time is swift with native platform actions.

  • Lockpath
    Booth: TBD

    Lockpath is a software company bringing order to the chaos of managing risk. From SMB to enterprise, our risk management platforms flex and scale to existing processes enabling customers a straightforward approach to identify, understand, manage and report on risk.

  • Pulse Secure
    Booth: TBD

    Put simply, we are the company that is 100% focused on delivering secure access solutions for people, devices, things and services. For years, enterprises of every size and industry have been trusting our integrated virtual private network, network access control and mobile security solutions to enable secure access seamlessly in their organizations.

  • SecureAuth
    Booth: TBD

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee, customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Secure Data Solutions
    Booth:

    Secure Data Solutions is a Texas based Security Partner providing comprehensive results to our clients and giving them confidence in their security strategy. Using fundamental and leading-edge security technologies, Secure Data Solutions delivers expertise and visibility in all aspects of Network and Cyber-Security.

  • Synopsys
    Booth: TBD

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • Girish Chiruvolu
    Director, Information Security Risk Management, Experian

    Dr. Chiruvolu is a CISSP/CISM and has spent several years in the security industry, in particular in the Finance/e-Commerce and Enterprise industries, on cloud/SaaS technologies. He is currently Director, Information Security and Risk Management, and has led several successful programs on several fronts of Information Security, Risk Management and Compliance at Fortune 500 companies such as Experian, Thomson Reuters, Citi, Capital One, Truesigna Systems, Inc. on application security, secure cloud transformation, vulnerability and threat management. He is passionate about strong user authentication and Identity and Access Management, has co-authored over 40 refereed technical papers, and has 20+ patents. He holds a Ph.D. in Computer Science and an MBA in Marketing and Finance.

  • Jeremy Rucker
    Attorney, Spencer Fane LLP

    As a cybersecurity and data privacy attorney in the Dallas office of Spencer Fane LLP, Jeremy Rucker has assisted companies of all sizes in responding to data security and privacy incidents. The expertise of Jeremy and his Spencer Fane colleagues covers several industries including healthcare, banking and finance, insurance, energy, transportation, and manufacturing.

  • Brian Harrell
    Assistant Director, Infrastructure Security, U.S. Cybersecurity and Infrastructure Security Agency (CISA), DHS

    Brian Harrell was appointed by the President of the United States in December 2018 to serve as the Department of Homeland Security’s Assistant Secretary for Infrastructure Protection. Brian now serves as the first Assistant Director for Infrastructure Security within the newly renamed U.S. Cybersecurity and Infrastructure Security Agency (CISA). Recently recognized as one of Security Magazine's Most Influential People in Security, Brian is the former Managing Director of Enterprise Security at the Duke Energy Corporation. He is also the former Director of the Electricity ISAC and Director of Critical Infrastructure Protection Programs at the North American Electric Reliability Corporation (NERC), where he was charged with helping protect North America's electric grid from physical and cyber-attack. Brian has spent time during his career in the US Marine Corps and various private sector agencies with the goal of protecting the United States from security threats.

  • Michael Gough
    Founder, IMF Security

    Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael also blogs on HackerHurricane.com on various InfoSec topics. Michael is also co-host of the “Brakeing Down Incident Response” BDIR Podcast to educate on Incident Response daily tasks. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons.

  • Norman Comstock
    Managing Director, UHY Advisors TAP, Inc.

    Norman is President and Managing Director of UHY Advisors TAP, Inc., a subsidiary of UHY Advisors, bringing over 25 years of experience in strategic consulting services. Norman advises clients on enterprise risk management, IT assurance and governance, and cybersecurity. He is also an Instructor for courses in Business Ethics, and Governance, Risk, and Compliance at the C.T. Bauer School of Business at the University of Houston. Norman served as VP of Technology for IIA Houston 2011 – 2014 and served as President of the ISACA Houston Chapter 2012 – 2016. He maintains several certifications in security and assurance including: CISSP, QSA, CISA, CGEIT, CIA, CRMA, and CCSA.

  • Shawn E. Tuma
    Co-Chair, Cybersecurity & Data Privacy Practice Group, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Barry Herrin
    Founder, Herrin Health Law, P.C.

    Barry Herrin is the Founder of Herrin Health Law, P.C., a boutique law practice located in Atlanta, Georgia. He regularly assists health care providers in all segments of the industry on health care operations and compliance, medical information privacy and confidentiality, cybersecurity, and data breach response. He is admitted to the bars of the District of Columbia, Florida, Georgia, and North Carolina. Mr. Herrin is a Fellow of the American College of Healthcare Executives, a Fellow of the American Health Information Management Association, and a Fellow of the Healthcare Information and Management Systems Society. He also holds a certificate in cybersecurity from Georgia Tech and has been recognized as a subject matter expert in health care by the Infragard National Member Alliance.

  • Kalani Hausman
    Adjunct Professor, University of Maryland University College
Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes