- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Thursday, April 8, 20218:00 amExhibitor Hall openRegistration Level:
- Open Sessions
8:00 am - 9:00 amLocation / Room: Exhibitor FloorYour opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
8:00 amAdvisory Council RoundtableHow Secure, Really, Are Your Vendors?Chief Risk and Innovation Officer, MRS BPO, LLCRegistration Level:- VIP / Exclusive
8:00 am - 8:50 amThis session is for SecureWorld Advisory Council members by invite only.
Discussion topic moderated by Michael Meyer, Chief Risk and Innovation Officer at MRS BPO.
8:15 amCloud Security Alliance Delaware Valley Chapter: Town Hall MeetingOpen to all attendeesPresident, Delaware Valley Chapter, Cloud Security AllianceRegistration Level:- Open Sessions
8:15 am - 8:50 amBoard members of the CSA Delaware Valley Chapter will talk about where we’ve been, what we’ve been doing successfully during the pandemic, and what we have planned for 2021/22.
CSA-DV is led by a volunteer network of local cloud and cybersecurity professionals. It is the go-to resource for industry practitioners to learn and maintain their Cloud Security best practices knowledge, as well as for any individual in the local community interested in Cloud Security awareness. CSA-DV offers events, webinars, and various Cloud Security certificate training courses (such as CCSK Foundation, CCSK+, CCAK, and much more).
For more details, please visit our booth in the Exhibitor Hall and speak with one of our board members.
8:15 amA Critical Look at the Security Posture of the Fortune 500Sr. Director, Chief Security Data Scientist, Rapid7Registration Level:- Open Sessions
8:15 am - 8:50 amThe global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.
8:15 amHow to Effectively Manage the Modern Risks of Open Source CodePrincipal Security SME, Horizon3.aiRegistration Level:- Open Sessions
8:15 am - 8:50 amToday’s modern applications depend on of a substantial amount of open source components and third-party libraries, and developers acknowledge that utilizing open source allows them to focus more on unique code attributes instead of recreating what’s already been successfully established. Although organizations acknowledge a heightened level of security, license, and operational risk, unfortunately, many don’t effectively track or manage open source throughout their entire code base and cannot consistently address the widening hazards they face.
As a result, organizations desire automated, repeatable processes for open source usage, risk management, and vulnerability remediation that fit within modern development environments.
In this session, attendees will hear recommendations from Stephen Gates, Checkmarx SME, on how to effectively implement an approach to:
- Identify open source with confidence
- Minimize open source security and license risks
- Prioritize exploitable vulnerabilities
- Accelerate informed remediation
- Integrate and automate open source analysis
Presentation level: MANAGERIAL (security and business leaders)
9:00 am[Opening Keynote] Marching on in 2021: Cyber Resiliency in SecurityCISO, CSCCISO, ChristianaCare Health SystemDirector of Information Security, NFICISO, University of PennsylvaniaVP, CISO, TE ConnectivityRegistration Level:- Open Sessions
9:00 am - 9:45 amThe past year has served as an accelerant for digital innovation and, unfortunately, nation-state cybercrime. However, cybersecurity professionals are up for the challenge! Come hear this panel of security leaders, working across several verticals, as they debate and discuss:
- Return to the workplace priorities for workforce resiliency
- Pandemic lessons learned to continue digital transformation
- Practical strategies for combating nation-state cybercrime
- Mental health and coping strategies
9:45 amNetworking BreakRegistration Level:- Open Sessions
9:45 am - 10:00 amLocation / Room: Exhibitor FloorVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:00 amThe Threat from Within: Creating an Effective Cyber Awareness ProgramCISO, New Jersey CourtsCo-Founder & Managing Partner, XPAN Law PartnersRegistration Level:- Open Sessions
10:00 am - 10:30 amThe basic “people problem” needs to be redefined and updated using science. For years, cybersecurity and data privacy advocates have been arguing that training employees is the only way to safeguard the organization. However, many organizations engage in cybersecurity training are forced to stare down the barrel of a data breach caused by one of those trained employees. The question becomes, why do we continue to repeat the same exercise expecting a different outcome?
In addition, the global pandemic has caused many organizations to operate remotely. And many are planning to operate with at least a portion of their employees being remote. This causes another operational hurdle for IT and IT security professionals.
This presentation will explain how cyber awareness training, in a traditional method, is a complete failure. We will discuss how using this traditional method of training can cause greater liability and threats to an organization. Finally, we will review how measuring an employee’s Knowledge (K), Attitude (A), and Behavior (B) (“KAB”) toward cybersecurity can help to create tailored solution for cyber awareness training and provide a workforce the weapons they need to effectively stave off cyberthreats.
10:00 amFaking It: Stopping Impersonation Attacks with Cyber AIDirector, Email Security Products, DarktraceRegistration Level:- Open Sessions
10:00 am - 10:30 amToday, 94% of cyber threats still originate in the inbox. “Impersonation attacks” are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or digital fakes, that expertly mimic the writing style of trusted contacts and colleagues.
Humans can no longer distinguish real from fake on their own, and businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.
In an era when thousands of documents can be encrypted in minutes, “immune system” technology takes action in seconds—stopping cyber threats before damage is done.
Find out how in this session.
10:00 amThe #1 Challenge in the Digital Transformation to the Cloud—You!Growth Technologies Evangelist, Check Point Software TechnologiesRegistration Level:- Open Sessions
10:00 am - 10:30 amUsing public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And with these choices come consequences; one misconfiguration can put your entire organization at risk… or worse.
Another reality you will face as you scale is the challenge of using a “one-size-fits-all” interface. Imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.
And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.
In this session, you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.
10:00 amA Modern Approach to Information ProtectionSr. Director, Enterprise Security Strategy, ProofpointRegistration Level:- Open Sessions
10:00 am - 10:30 amData Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?
10:30 amNetworking BreakRegistration Level:- Open Sessions
10:30 am - 10:45 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
10:45 amMulti-Cloud Identity ManagementChief Risk and Innovation Officer, MRS BPO, LLCRegistration Level:- Open Sessions
10:45 am - 11:15 amLocation / Room: 103Join this session as CISO Michael Meyer discusses and debunks the common myths about Multi-Cloud Identity Authorization Management (IAM). He will also delve into the inherent risks that are present, and discuss key strategies to reduce them and increase your organization’s security posture.
10:45 amIncredible Email Hacks You'd Never Expect and How You Can Stop ThemData-Driven Defense Evangelist, KnowBe4Registration Level:- Open Sessions
10:45 am - 11:15 amIf you think the only way your network and devices can be compromised via email is phishing, think again!
A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team.
In this webinar Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist and security expert with over 30-years of experience, explores many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run.
Roger will show you how hackers compromise your network. You’ll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World’s Most Famous Hacker and KnowBe4’s Chief Hacking Officer.
Roger will teach you:
- How remote password hash capture, silent malware launches and rogue rules work
- Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective
- The ins and outs of clickjacking
- Actionable steps on how to defend against them all
Email is still a top attack vector cybercriminals use. Don’t leave your network vulnerable to these attacks.
10:45 amGet Beyond Compliance and Achieve Real Data SecuritySVP, Strategy and Imperva Fellow, ImpervaRegistration Level:- Open Sessions
10:45 am - 11:15 amTo keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.
We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.
10:45 amCode on Code WarfareField CTO, Americas, SentinelOneRegistration Level:- Open Sessions
10:45 am - 11:15 amDuring this talk we will review some security metrics from 2020, which includes common ways organizations are approaching complex security issues such as ransomware and advanced threat groups. During the discussion, we will provide some insight into alternative methods or considerations whereby we can use the power of compute to prevent, discover, and recover from advanced attacks.
11:15 amNetworking BreakRegistration Level:- Open Sessions
11:15 am - 11:30 amVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
11:30 amArtificial Intelligence: Applicable Rules and RegulationsAttorney at Law, Law Offices of Salar AtrizadehRegistration Level:- Open Sessions
11:30 am - 12:00 pmThis presentation is on the topic of Artificial Intelligence and the related state, federal, or international laws. We will discuss the technology and how it affects intellectual property rights and privacy laws. We will also cover which technologies are being affected and how the courts are handling the legal disputes.
The audience will take away the following:
- What is artificial intelligence?
- What are the applicable rules and regulations?
- How does AI affect intellectual property rights?
- How does AI affect privacy laws?
- What technologies are being affected?
- How are the courts handling the legal disputes?
- What are the European Commission and United States doing about it?
11:30 amObservability at Scale in All-Remote Environments: Principles and PracticeSr. Security Automation Engineer, GitLab Inc.Registration Level:- Open Sessions
11:30 am - 12:00 pmInfoSec practitioners understand that observability and time-to-detection are crucial pieces of the security puzzle. However, data is often collected indiscriminately, stored unnormalized, retained for arbitrary periods of time, and sometimes even poorly understood. These issues make processing, baselining, and alerting on data sources harder than it should be.
In this session, Jayson Salazar, Sr. Security Automation Engineer @GitLab, will discuss in detail the principles, best practices, and tooling he’s relied on to continuously improve GitLab’s observability capabilities into its infrastructure. We will discuss technical, architectural, procedural, and compliance aspects surrounding successful logging, monitoring, and alerting operations for all-remote environments at scale. From Terraform, Serverless, Data-Store alternatives and Python as building blocks, over finding an architecture that meets your needs, all the way to Alert Triaging and Compliance, this is meant to be a guiding companion for Security departments at the beginning or midst of their observability journey.
11:30 amThe Implementation Journey of Zero Trust and SASE: Realizing the BenefitsVP, CSO - Cloud Security Transformation, NetskopeRegistration Level:- Open Sessions
11:30 am - 12:00 pmMost organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?
In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?
In this session, James Christianson will discuss:
· How to migrate your security controls to take advantage of SASE
· Reducing cost while increasing your security posture
· Implementing a road map for SASE / Zero Trust11:30 amHacking Exposed: Learning from the AdversariesA look inside the techniques of OceanLotus / APT32Chief Evangelist & Sr. Director, Product Marketing, BlackBerryRegistration Level:- Open Sessions
11:30 am - 12:00 pmFileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. With this ever growing threat, how do you train your systems to defend against it?
In this session, you will learn techniques to make your own weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC and a MacOS.
Join Blackberry’s Brian Robison to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses.
12:00 pmNetworking BreakRegistration Level:- Open Sessions
12:00 pm - 12:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
12:15 pm[Lunch Keynote] Stop Slouching! Correct the Top 5 Weak Spots in Your Cloud Security PostureDirector of Cloud Services, AccessIT GroupGrowth Technologies Evangelist, Check Point Software TechnologiesRegistration Level:- Open Sessions
12:15 pm - 1:00 pmIt’s time to “sit up straight” and make the proper adjustments to correct weak cloud security posture and keep your cloud workloads secure. In this presentation, cloud security experts from AccessIT Group and Check Point will focus on five of the most common weak spots that they are seeing and the corrections needed to strengthen your cloud security posture. Learn from the experts on how to identify and mitigate your cloud security weaknesses.
1:00 pmNetworking BreakRegistration Level:- Open Sessions
1:00 pm - 1:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
1:15 pmMaking Your Risk Management Program a Key Line of DefenseSr. Director, Information Security Risk Management, The College BoardRegistration Level:- Open Sessions
1:15 pm - 2:00 pmThis session will explain how to build a Security Risk Management Program and how to raise awareness to your key stakeholders. You’ll learn where to start your lines of defense, and most importantly, how to mature the program where your stakeholders are comfortable discussing and making risk-based decisions.
1:15 pmContinuous Security Validation: Exercise Your Environment More than the AdversaryTechnical Director of NA, Sales Engineering, AttackIQRegistration Level:- Open Sessions
1:15 pm - 2:00 pmWith Incident Response as the new normal, ensuring that our systems and processes support that effort and threat hunting are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.
1:15 pm[Panel] Workforce 2.0: The New NormalSr. Solutions Engineer, OktaDirector of Threat Intelligence, Abnormal SecuritySr. Director, Product Management, SynopsysM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales UniversityRegistration Level:- Open Sessions
1:15 pm - 2:00 pmOur panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.
1:15 pm[Panel] We Need a New Plan: Business Continuity, GRC, and PrivacyDirector, Risk Management Services, AccessIT GroupSolutions Architect, SiemplifyFounding Partner & Owner, Fischer Law, LLCRegistration Level:- Open Sessions
1:15 pm - 2:00 pmThe pandemic has taught InfoSec many lessons; among them, your IR/BC/DR plans must be scalable and flexible. Compliance and regulations still matter, and many states are initiating new data privacy and security laws. Our panel will go over some of the items you may have missed over the last year. Our experts will let you know which ones you need to really be concerned with and provide some guidance on what to include in your future Incident Response, Business Continuity, and Disaster Recovery plans.
1:15 pmExecutive Roundtable [VIP invite only]Topic: Security Challenges with Digital CoworkersVice President, Global IAM Strategy and Customer Advocacy, One IdentityRegistration Level:- VIP / Exclusive
1:15 pm - 2:00 pmDiscussion forum for executive leaders and SecureWorld Advisory Council members (10-15, by invite only).
Moderated by Larry Chinski, the discussion will cover:
• Increased adoption of BPA tools (Hyperautomation)
• RPA and the use of BOTS
• Threats that BOTS pose in an organization
• How to manage and secure BOTSSponsored by One Identity.
2:00 pmNetworking BreakRegistration Level:- Open Sessions
2:00 pm - 2:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
2:15 pmHuman Resilience: A MythFounder and CEO, CyberSN and Secure DiversityRegistration Level:- Open Sessions
2:15 pm - 3:00 pmHumans are not resilient—they get sick, die, retire, and can choose not to work for an organization. Currently, a CISO changes jobs on average every 18 months. Burnout is at an all-time high. Cybersecurity professionals feel undervalued and underutilized. Diversity continues to fight for its place on the team. While the cybersecurity industry is full of useful cyber resiliency insights and research, the human role in the resiliency chain is often overlooked. Together, we will define human resilience and the four-part solutions to create human resilience: individual, team, company, and industry.
Cybersecurity managers and leaders will leave this talk with a proactive talent resilience approach plan that will keep their talent from being vulnerable and/or from nullifying their overall resilience plans.
Presentation level: MANAGERIAL (security and business leaders)
2:15 pm[Panel] Ransomware, BEC Attacks, and Insider Threats - What's Next?Vice President of Security, Code42Global Principal Engineer, CorelightVP, Global Services Technical Operations, BlackBerryDirector, Solution Architect , ArmisSr. Presales Systems Engineer, Arctic Wolf NetworksRegistration Level:- Open Sessions
2:15 pm - 3:00 pmEven a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?
2:15 pm[Panel] Let's Talk About CloudsDirector of Technology - Office of the CTO, ImpervaCloud Overlay Sales Engineer, GigamonChief Security Strategist, Tenable, Inc.Application Security Solution Architect, Contrast SecurityRegistration Level:- Open Sessions
2:15 pm - 3:00 pmIt’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.
3:00 pmNetworking BreakRegistration Level:- Open Sessions
3:00 pm - 3:15 pmVisit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.
3:15 pmCloud Security Checklist ManifestoSr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware ValleyRegistration Level:- Open Sessions
3:15 pm - 4:00 pmInspired by the best-selling book “The Checklist Manifesto” by surgeon Dr. Atul Gawande, this talk will focus on identifying and focusing on a Cloud Security checklist. Like the medical field where checklists are necessary to make complex life and death situations a little more manageable, we need a robust set of tasks that are absolutely required for any cloud infrastructure. This session will also provide information to build up a starter checklist that can grow with the cloud workload. This will also help organizations meet their audit and compliance requirements.
3:15 pmData Breaches: Two Tales, Two Motives - Financial vs. EspionageHead of Research, Development, Innovation, Verizon Threat Research Advisory CenterRegistration Level:- Open Sessions
3:15 pm - 4:00 pmFinancially motivated data breaches are similar to yet different from espionage motived data breaches. In this session, Verizon—producers of the annual Data Breach Investigations Report (DBIR)—will compare and contrast financially-motived and espionage-motived data breaches. Verizon will present this session through the lens of VERIS (Vocabulary for Event Recording and Information Sharing) Framework, to include the A4 Threat Model: Actors, Actions, Attributes, and Assets, and highlight key controls to counter data breaches.
Industry accepted frameworks and tools can help improve capabilities to better prevent, mitigate, detect, and respond to data breaches with Financial motives or Espionage motives. These frameworks and tools include the VERIS framework, VIPR phases, NIST Cybersecurity Framework, and Center for Internet Security (CIS) Critical Security Controls (CSCs).
Join this session and discover:
• A4 Threat Models aspects of Financial Motive Breaches
• A4 Threat Models aspects of Espionage Motive Breaches
• Comparison between motives and the countermeasures to take3:15 pmReducing Complexity While Increasing Data Protection in Financial ServicesVP, Security and Privacy, PKWARERegistration Level:- Open Sessions
3:15 pm - 4:00 pmFinancial service firms have a responsibility to provide fool-proof security to instill faith in customers, and send a strong message that combating threats is a prime objective. They cannot afford to be complacent, especially when the majority of information produced or utilized in financial services is private and sensitive, not to mention highly regulated. All this adds up to make cybersecurity vital to business.
Building sustainable ongoing security starts with all-inclusive optics into the sensitivity of data and automated organization-wide control of it. Organizations can assemble all this with multiple solutions, but doing so is time-consuming, expensive, and can be fraught with integration woes.
There’s a better way. This session takes a deep dive into reducing complexity in sensitive and private data protection, including:
- How to dig deep across the enterprise into every place sensitive data may be stored, from data lakes to endpoint devices
- The benefit of automatic policy-specific remediation, including masking, redaction, deletion, and encryption
- How to scale data protection and compliance as data volumes increase
3:15 pmExamining the CMMC and the Reasoning Behind ItChairman of the Board, CMMC Center of ExcellenceRegistration Level:- Open Sessions
3:15 pm - 4:00 pmThe Deputy Principal Cyber Advisor for the DoD recently told the Senate Armed Services Cybersecurity Subcommittee that the Cybersecurity Maturity Model Certification (CMMC) is part of a crucial effort: “Our goal must be to complicate and frustrate adversary planning and operations such that they cannot conduct them with impunity or at scale.”
In this session, join the Chairman of the Board at the CMMC Center of Excellence as he explores the logic behind the Cybersecurity Maturity Model Certification, its objectives, and its security benchmarks.
4:00 pm[Closing Keynote] The Resilient Enterprise: Securing the Virtual WorkforceChief Risk Officer & CISO, PaycorRegistration Level:- Open Sessions
4:00 pm - 4:45 pmThroughout the course of 2020, organizations have seen a transformational shift in the way that businesses operate. As we adapt to new realities, digital transformation has been accelerated in many areas, including how we protect our information assets. From entirely new threats to exacerbating existing threats, Information Security teams are at the forefront of enabling businesses to operate efficiently and securely in the new virtual-first world. We’ll deep dive into considerations that your organization should be making in technology, process, and policy as you work to secure your virtual workforce.
- AccessIT GroupBooth: Pavilion Sponsor
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- AgariBooth:
Agari is transforming the legacy Secure Email Gateway with its next-generation Secure Email Cloud powered by predictive AI. Leveraging data science and real-time intelligence from trillions of emails, the Agari Identity Graph™ detects, defends and deters costly advanced email attacks including business email compromise, spear phishing and account takeover.
- Arctic Wolf NetworksBooth:
Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.
- Armis, IncBooth:
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.
- AttackIQBooth:
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to identify security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense.
- BitSightBooth:
BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.
- BlackBerry CybersecurityBooth:
BlackBerry Cybersecurity is a leader in endpoint security, endpoint management, encryption, and embedded systems, protecting enterprises and governments around the world. Our end-to-end approach is deeply rooted in Cylance® AI and machine learning, providing continuous preventative protection, detection, and instant response. We extend protection for your organization against current and future cyberthreats by combining network and endpoint telemetry and by delivering innovative solutions in the areas of cybersecurity, safety, and data privacy.
- Check Point Software TechnologiesBooth:
Check Point Software Technologies is a leading provider of cybersecurity solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware, and other types of attacks. Our solutions offer multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention.
- Checkmarx Inc.Booth:
Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.
- Cloud Security Alliance Delaware Valley Chapter (CSA-DV)Booth:
Cloud Security Alliance Delaware Valley Chapter (CSA-DV) is a not-for-profit organization for people interested in education, training and possible certification in cloud security. We seek to improve the understanding of cloud security and to promote the interaction of both professionals and students in order to discuss current trends and topics within the industry.
OUR PURPOSE:To promote cloud security best practices within the Greater Philadelphia region, to educate about cloud computing, identify its risks, methods to secure it, and to continually provide opportunities for the development of cloud security professionals.
- Code42Booth:
Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.
- Contrast SecurityBooth:
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast’s patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.
- CorelightBooth:
Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com
- Cybercrime Support NetworkBooth:
Cybercrime Support Network (CSN) is a public-private, nonprofit collaboration created to meet the challenges facing millions of individuals and businesses affected each and every day by cybercrime. CSN’s mission is to improve the plight of Americans facing the ever growing impact of cybercrime by bringing together national partners to support cybercrime victims before, during, and after.
- DarktraceBooth:
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- DeSales University Cyber Security ProgramBooth:
DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.
- GigamonBooth:
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- ImpervaBooth:
Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.
- KnowBe4Booth:
We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.
The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.
Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.
- NetskopeBooth:
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- OktaBooth:
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- PKWAREBooth:
PKWARE protects the world’s data with smart encryption software and solutions. In use by more than 35,000 customers, including government agencies and global corporations, PKWARE’s easy-to-use security armors data itself and eliminates vulnerabilities wherever data is used, shared or stored.
PKWARE offers the only data discovery and protection solution that locates and secures sensitive data to minimize organizational risks and costs, regardless of device or environment. Our software enables visibility and control of personal data, even in complex environments, making PKWARE a global leader in data discovery, security, and compliance.
- ProofpointBooth:
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- One IdentityBooth:
One Identity, a Quest Software business, helps organizations achieve an identity-centric security strategy with a uniquely broad and integrated portfolio of identity management offerings developed with a cloud-first strategy including AD account lifecycle management, identity governance and administration, and privileged access management. One Identity empowers organizations to reach their full potential, unimpeded by security, yet safeguarded against threats without compromise regardless of how they choose to consume the services. One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data—on-prem, cloud, or hybrid.
- Rapid7Booth:
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- Recorded FutureBooth:
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- SentinelOneBooth:
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- SiemplifyBooth:
The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.
WE BELIEVE In the modern world of cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them in rapid decision making.
- SynopsysBooth:
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- TechTargetBooth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TenableBooth:
Tenable®, Inc. is the Cyber Exposure company. Over 27,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 25 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.
- Michael MeyerChief Risk and Innovation Officer, MRS BPO, LLC
Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.
- Bob RudisSr. Director, Chief Security Data Scientist, Rapid7
Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avunculur, author (Data-Driven Security), speaker, and regular contributor to the open source community.
- Stephen GatesPrincipal Security SME, Horizon3.ai
Stephen Gates brings more than 15 years of information security experience to his role as Principal Security SME at Horizon3.ai. He is a subject matter expert with an extensive hands-on background in security and is a well-known writer, blogger, presenter, and published author who is dedicated to conveying facts, figures, and information that brings awareness to the security issues all organizations face.
- Mark Eggleston, CISSP, GSEC, CHPSCISO, CSC
Mark Eggleston is the chief information security officer (CISO) for CSC, responsible for the global security and privacy program design, operations and continual maturation. As a senior executive specializing in security and privacy program development and management, Mark’s unique background and expertise in information technology, program, and people management have positioned him as a thought leader and frequent industry speaker.
Mark started his career as a program manager and psychotherapist at a hospital serving children and adolescents. Later, Mr. Eggleston helped develop an internal compliance approach—complete with policies and tools—ensuring a geographically dispersed health care provider organization (across 19 states) complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Mr. Eggleston then transitioned to applying his HIPAA expertise at an HMO where he has implemented many successful security controls and technologies, including single sign-on (SSO), Identity and Access Management (IAM), Cloud Access security broker (CASB), and a vulnerability assessment program.
Mark received his Bachelor of Science in psychology from Radford University. Later, Mark received both his Master of social work and his post-baccalaureate certificate in management information systems from Virginia Commonwealth University. In addition, Mark holds CHPS, CHPS, and CISSP certifications.
- Anahi SantiagoCISO, ChristianaCare Health System
Anahi Santiago is the Chief Information Security Officer at ChristianaCare Health System, the largest healthcare provider in the state of Delaware. Prior to CCHS, she spent over 10 years as the Information Security and Privacy Officer at Einstein Healthcare Network. In her role as CISO, Anahi has overall responsibility for the organization's cybersecurity and assurance program. She leads a team of information security professionals in supporting CCHS's strategic initiatives by collaborating with clinical and business leaders, managing cybersecurity risks, implementing policies and controls, generating overall awareness, and fostering a culture of security and safety.
- Joshua CloudDirector of Information Security, NFI
Joshua Cloud is currently serving as the director of information security for NFI. He has over 20 years of infrastructure and security leadership experience spanning professional services, manufacturing, retail, and logistics industries in countries all over the world. Cloud is a transformational security leader with a business focus who evangelizes the value of pragmatic cyber risk management and executive alignment. He currently leads a team of security professionals at the new NFI headquarters on the Camden, NJ, waterfront.
- Todd BearmanVP, CISO, TE Connectivity
Todd Bearman is the Chief Information Security Officer for TE Connectivity with responsibility for Information Security globally across nearly 150 countries with 75,000 employees.
Todd is responsible for ensuring collaboration and risk management across the corporate functions and business units where he leverages his leadership, technical, and business expertise to manage information and business risks. He manages the global Information Security Program defining strategy and executing on security initiatives.
Todd has over 25 years of information systems experience and has been involved with various aspects of Information Security for over 18 years.Prior to working at TE Connectivity, Todd was CISO at Towers Watson, as well as Director of Information Security at Commerce Bank (now TD Bank). Previously, Todd has spent much of his career as a consultant, helping global companies implement and improve their security programs.
- Sajed NaseemCISO, New Jersey Courts
Sajed Naseem ("Saj") is the Chief Information Security Officer (CISO) of New Jersey Courts. He has over 20 years of experience with information security and IT across many industries. As the CISO of the New Jersey Courts, he has focused on Cybersecurity Readiness & Performance, Information Governance, and Network Security. Sajed holds Masters degrees from St. John's University and Columbia University. He routinely speaks at cybersecurity conferences nationally, in Europe, and with the New Jersey Bar Association. Sajed is also an Adjunct Professor at St. John's University in Information Security since 2010 and a native of New York City.
- Rebecca RakoskiCo-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Mariana PereiraDirector, Email Security Products, Darktrace
Mariana is the Director of Email Security Products at Darktrace, with a primary focus on the capabilities of AI cyber defenses against email-borne attacks. Mariana works closely with the development, analyst, and marketing teams to advise technical and non-technical audiences on how best to augment cyber resilience within the email domain, and how to implement AI technology as a means of defense. She speaks regularly at international events, with a specialty in presenting on sophisticated, AI-powered email attacks. She holds an MBA from the University of Chicago, and speaks several languages including French, Italian, and Portuguese.
- Grant AsplundGrowth Technologies Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.
- Mike StacySr. Director, Enterprise Security Strategy, Proofpoint
Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.
- Michael MeyerChief Risk and Innovation Officer, MRS BPO, LLC
Michael Meyer, MPSTM, CISSP, CIPP/US, CIPM, FIP, CISM, CRVPM II, CRISC, CISA, is the Chief Risk and Innovation Officer of MRS BPO. He is responsible for overseeing the company’s enterprise innovation, risk management and security initiatives for its Fortune clients. Michael has been with MRS for over 20 years and previously served in the Chief Security and Chief Information Officer roles. He has a Master’s degree in Technology Management from Georgetown University and a Bachelor’s degree in Computer Science from Rutgers University. Prior to MRS, he owned a consulting company, taught secure government systems globally and was in Military Intelligence.
- Roger GrimesData-Driven Defense Evangelist, KnowBe4
Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He has been the weekly security columnist for InfoWorld and CSO magazines since 2005.
- Terry RaySVP, Strategy and Imperva Fellow, Imperva
Terry Ray is the SVP and Imperva Fellow for Imperva Inc. As a technology fellow, Terry supports all of Imperva’s business functions with his years of industry experience and expertise. Previously he served as Chief Technology Officer where he was responsible for developing and articulating the company’s technical vision and strategy, as well as, maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape.
Earlier in his tenure at Imperva, he held the role of Chief Product Strategist where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations. He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both company’s executive teams. He was the first U.S.-based employee, and during his 15 years at Imperva, he has worked hundreds of data security projects to meet the security requirements of customers and regulators from every industry.
Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute, and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, CBS News, the BBC, and others.
- Dave GoldField CTO, Americas, SentinelOne
Dave has more than 15 years experience in enterprise information security and brings a strong track record of innovation and customer focus to SentinelOne. Prior to SentinelOne, he was the VP of Product and VP of Solutions Architecture at ProtectWise and helped launch and build the company from stealth to a successful exit to Verizon. Dave helped define the network detection and response market and has helped many organizations develop detection and response strategies and to embrace cloud delivered technologies. He has also led Firewall Product Management at McAfee and has held various roles in sales engineering, product management and support at Websense, Intel, McAfee and Secure Computing.
- Salar Atrizadeh, Esq.Attorney at Law, Law Offices of Salar Atrizadeh
Salar Atrizadeh, Esq. is an attorney and IT expert with an extensive background in technology and computer information services. He has conducted seminars before legal and non-legal organizations on similar topics. Salar is licensed to practice in the State of California, District of Columbia, and the United States District and Bankruptcy Courts and holds a bachelor's of science degree in computer information systems with a minor in database management systems.
- Jayson SalazarSr. Security Automation Engineer, GitLab Inc.
Former software engineer and penetration tester, nowadays Sr. Security Automation Engineer at GitLab.
- James ChristiansenVP, CSO - Cloud Security Transformation, Netskope
James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on enhancing Netskope’s global clients understand the challenges and solutions of cloud deployments by helping drive thought leadership in cloud security transformation.
James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.
As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.
James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.
- Brian RobisonChief Evangelist & Sr. Director, Product Marketing, BlackBerry
Brian Robison is the Senior Director, Product Marketing and Chief Evangelist at BlackBerry (formerly Cylance), where he educates the world that preventing cybersecurity threats is actually possible and a much better approach than detecting and responding after an attack. With over 20 years' of cybersecurity experience, Robison is a regular speaker at industry events such as RSA, Black Hat, and thought leadership forums. Prior to joining BlackBerry, Robison worked to defend organizations from mobile security threats—three years as a director at Citrix XenMobile and two years driving enterprise strategy at Good Technology. Robison also spent over six years at McAfee with a special focus on end-point security leading efforts. During this time, he also managed vulnerability and policy compliance solutions.
- Michael LopezDirector of Cloud Services, AccessIT Group
Mike Lopez, Director of Cloud Services at AccessIT Group, has a history of designing cloud architecture with a security focused approach for government and fortune 500 clients. He has worked with private and public cloud environments including AWS, Azure, Oracle, and Google Cloud. Mike leads AccessIT Group’s Cloud practice by helping its customers create strategies for their cloud adoption through a vendor agnostic holistic approach to cloud security. Because of his mixed background, he bridges the traditional gap between security and development teams, helping them work together in the cloud journey. Prior to his role at AccessIT Group, Mike was the Lead Consultant of Professional Services at Check Point Software Technologies and served as the subject matter expert for their cloud security products. As a cloud specialist, Mike is AWS and Azure certified and maintains Check Point CCSE and CCVSE certifications.
- Grant AsplundGrowth Technologies Evangelist, Check Point Software Technologies
For more than 20 years, Grant Asplund has been sharing his insights on how businesses can best protect themselves from sophisticated cyber-attacks in an increasingly complex world. As Check Point’s chief evangelist, he travels the world enthralling audiences with his passionate and relational storytelling at conferences like RSA and Next100 CIOs and numerous media interviews. Grant’s wide range of cyber security experience informs his talks, having served in diverse roles ranging from sales, marketing, business development, and senior management for Dome 9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (www.talkingcloudpodcast.com) on Cloud security.
- Piyali DasSr. Director, Information Security Risk Management, The College Board
Piyali Das has a proven 16-year track record of leading Information Security and Information Technology enterprise-wide initiatives. This includes success in risk-based prioritization of security initiatives and the resolution of complex issues cost effectively. She has also directed complex cross-functional projects across the enterprise resulting in exceptional operational outcomes. Her core competencies include Information Security Risk Management, Risk and Compliance Frameworks (NIST, ISO, PCI, SOC, SOX, COBIT, OWASP, SIG), Third-party Risk Management, Risk Metrics and Dashboards, Risk-based Prioritization, Collaboration and Communication, Process Improvements, Customer-Focus, Vendors and Personnel Management, Security Awareness Training and Phishing Simulation, and AWS Cloud Security Controls.
- Jose BarajasTechnical Director of NA, Sales Engineering, AttackIQ
Jose Barajas is Technical Director, NA Sales Engineering AttackIQ. He has over a decade of experience as a security researcher reverse-engineering malware and developing security controls and analytics. At AttackIQ, he now focuses on improving security control efficacy through attacker behavior emulation and establishing continuous security validation programs. Jose has presented at Black Hat, Globaltek Security Conference, and ISACA Security Conference.
- Crane HassoldDirector of Threat Intelligence, Abnormal Security
Crane Hassold is the Director of Threat Intelligence at Abnormal Security, where he leads a team responsible for researching enterprise-focused cyber threats. Prior to joining the private sector in 2015, Crane served as an Analyst at the Federal Bureau of Investigation for more than 11 years, providing strategic and tactical analytical support to cyber, financial crime, and violent crime cases. For most of his career with the FBI, Crane worked in the Behavioral Analysis Units in Quantico, Virginia, where he provided analytical and behavioral support (“profiling”) to intelligence community and law enforcement partners against national security adversaries and serial criminals. Crane has also been recognized as a subject matter expert in open source intelligence collection and has presented at numerous conferences about using successful analytical techniques.
- Meera RaoSr. Director, Product Management, Synopsys
Ms. Meera Rao is a Senior Director of Product Management, focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organizations in a variety of roles including Architect, Lead Developer, and Project Manager, and Security Architect. Ms. Meera has been working as a trusted adviser to Fortune 500 companies, helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps. Ms. Meera is very passionate about getting more women working in the technology industry. Ms. Meera participates, presents, and speaks at several conferences, spreading her knowledge of security and the importance of women in the technology workforce. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018. Meera was a finalist in the Computing Women in IT Excellence Awards 2019 for Role Model of the Year.
- Moderator: Joe WalshM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Harrison ParkerSolutions Architect, Siemplify
Harrison holds a Bachelor's in Computer Science from Harvard University.
- Jordan Fischer, InstructorFounding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data PrivacyCERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP) - Larry ChinskiVice President, Global IAM Strategy and Customer Advocacy, One Identity
Larry Chinski has over 20 years in the Identity and Access Management industry and travels globally to help complex organizations understand emerging trends, the current threat landscape, and how to leverage technology platforms to resolve issues related to cybersecurity as well as operational efficiency.
- Deidre DiamondFounder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.
- Tommy ToddVice President of Security, Code42
Tommy Todd is Vice President of Security at Code42 with over 20 years of cybersecurity experience, primarily focused on data privacy and data protection strategies. Prior to Code42, Tommy served in security roles at Symantec, Ionic Security, and Optiv, as well as many other firms. Throughout his career, he has acted as a leader, mentor, engineer, architect, and consultant to solve difficult data protection challenges. Tommy is passionate about data—both consumer and commercial—and strives to improve the security posture in organizations he works with.
- Alex KirkGlobal Principal Engineer, Corelight
Alex Kirk is an open source security veteran, with a combined 17 years at Sourcefire, Cisco, Tenable, and now Corelight, where he serves as Global Principal for Suricata. Formerly a malware zookeeper and IDS signature writer, today he spends his time helping SOC analysts and advising on security policy for government agencies, universities, and large corporations around the world.
- Ryan AlemanDirector, Solution Architect , Armis
Ryan Aleman is a Director of Solutions Architect at Armis. In this role, Ryan is at the forefront of the developing landscape of unagentable devices. With an extensive background in security and technical environment management, Ryan has worked extensively to find passive, agentless security solutions in the medical, industrial, and IoT spaces, along with traditional enterprise environments.
- Bruno AlmeidaCloud Overlay Sales Engineer, Gigamon
Bruno Almeida is a Sales Engineer at Gigamon, where he partners with customers to help them ensure continuous security and monitoring of cloud and data center services during their digital transformation journeys. He has over a decade of experience in the IT infrastructure space. Before joining Gigamon, Bruno worked for several firms in the managed service provider space, including Regra SA and Alphaserve Technologies. Bruno holds several industry certifications including AWS Solutions Architect, Azure Fundamentals, and VMware Certified Professional. He received his bachelor's degree in Electrotechnical and Computers Engineering from Instituto Superior Técnico in Lisbon, Portugal.
- Nathan WenzlerChief Security Strategist, Tenable, Inc.
Nathan Wenzler is the Chief Security Strategist at Tenable, the Cyber Exposure company. Nathan has over two decades of experience designing, implementing, and managing both technical and non-technical security solutions for IT and information security organizations. He has helped government agencies and Fortune 1000 companies alike build new information security programs from scratch, as well as improve and broaden existing programs with a focus on process, workflow, risk management, and the personnel side of a successful security program.
Nathan brings his expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe in order to help them mature their security strategy, understand their cyber risk, and measurably improve their overall security posture.
- Paul KitorApplication Security Solution Architect, Contrast Security
- Vana KhuranaSr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- John GrimHead of Research, Development, Innovation, Verizon Threat Research Advisory Center
John has over 17 years of experience investigating, and leading teams investigating, data breaches and cybersecurity incidents within the government and civilian security sectors. Currently, John heads the Verizon Threat Research Advisory Center (VTRAC) research, development, and innovation effort. In this role, he focuses on researching cybersecurity incidents, performing digital forensic examinations, advising on data breach containment and eradication efforts, and creating data breach response preparedness training and breach simulation exercises for customers worldwide. Prior to joining Verizon, John served 12 years with the U.S. Army investigating security-related incidents with eight years specifically focused on network intrusion investigations and forensic examinations.
- Chris PinVP, Security and Privacy, PKWARE
Chris Pin serves as PKWARE’s VP, Security and Privacy. In this role, Chris drives value and awareness for all PKWARE customers regarding the various challenges that both privacy and security regulations bring to the data-driven world. He works closely with all customers and potential customers to help them better understand how PKWARE solutions best fit into their environments and processes. He also works very closely with many other departments such as Sales, Marketing, Partners, and Product to help build brand awareness and product insights.
With over 15 years of experience, Chris’s career began at the Pentagon where he supported the Army Headquarters as a Systems Engineer. Following his tenure at the Pentagon, he transitioned into global architecture and engineering for SOCOM, focusing on global networks and security. This is where he developed a deep understanding of what it takes to operate global networks at scale while ensuring the best security and privacy without jeopardizing the end-user experience.
Prior to joining PKWARE as part of the Dataguise acquisition, Chris spent four years at Costco leading the data center migration of the e-commerce domain before transitioning into Privacy and Compliance where he was a PCI-ISA and assisted through yearly PCI assessments. Most notably, Chris also led Costco’s GDPR and CCPA efforts on a global scale, working with teams across the company, Infosec, development, policy, legal, employee education, change review, marketing, HR, buyers, and more.
Chris has a CIPM certification and studied Aviation Management at Dowling College. When not working, he enjoys spending time with family, flying drones, kayaking, and adventuring the Pacific Northwest.
- John WeilerChairman of the Board, CMMC Center of Excellence
John Weiler is currently the CEO and CIO of a congressionally charted IT "do tank" called IT-AAC. He has forged partnerships with two dozen leading non-profits and federal agencies committed to the Digital Transformation of the federal IT sector.
He has 40 years of IT Management, Solution Engineering, and Architecture experiences, covering both private and public sectors. His expertise has taken him from senior leadership roles in Fortune 1000 companies (May Dept Stores, Giant Food, Boeing) to non-profit (Object Management Group, Interop. Clearinghouse), to high technology companies (Oracle, Excalibur, ParcPlace, Kodak, BAH, CACI).
- Adam LeisringChief Risk Officer & CISO, Paycor
Adam is the Chief Information Security Officer for Paycor, one of the largest independently held Human Capital Management companies in America. He oversees Information Security for Paycor’s 1,400 associates, as well as Paycor’s 30,000 clients of their award-winning SaaS product. In past positions, he has served in leadership roles including Technical Services and Operations, Enterprise Architecture, and Software Engineering. Adam holds CISSP and CISM certifications, as well as a Master’s Certificate in Corporate Information Security. Adam is a volunteer in ISC(2)'s Safe and Secure Online program, which spreads security awareness to children at local schools. He also plays jazz trumpet in non-profit “Jump and Jive” big band in Cincinnati, donating proceeds to area schools for music education.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes