Conference Agenda
  • Wednesday, February 17, 2021
    3:00 pm
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    Session 1 – Trends in the Law: An Overview of the Domestic Regulatory and Legal Landscape
    Leader, Global Privacy Practice Group, Beckage, PLLC
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm

    This in-depth training course will provide an administrative, legal, and technical overview of the Privacy and Security Legal Landscape, with operational tools to address the changing regulatory and legal landscape. Attendees qualify for 5 CPE credits (11 total with conference attendance).

    The three sessions will include hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space. The sessions will involve a deep dive into the requirements of the Federal Trade Commission (FTC), California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the New York SHIELD Act, and the European Union’s General Data Protection Regulation (GDPR), as well as standards including the NIST Privacy Standard and the ISO Privacy Standards.

    The U.S. legal framework for data security and privacy continues to evolve. Trying to stay abreast of the ever-evolving technologies and legal requirements can be overwhelming. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a wide variety of industries. Additionally, the courts are starting to issue opinions that have placed heightened liability on companies to protect sensitive personal data.

    This session will provide an overview of key regulatory and legal changes, both at the State and Federal level, and discuss how companies should prepare to meet these evolving obligations. We will break down the requirements of key regulations, including the GDPR and the CCPA, providing insight into key aspects of the laws. Additionally, this session will discuss the impact of recent court decisions on privacy and security liability.

  • Thursday, February 18, 2021
    7:30 am
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    Session 2 – Risk Transference: Developing a Security and Privacy Program to Address Compliance Requirements
    Leader, Global Privacy Practice Group, Beckage, PLLC
    Registration Level:
    • SecureWorld Plus
    7:30 am - 9:00 am

    In the current patchwork approach to data security and privacy legal requirements, it can be challenging for a business to create a comprehensive privacy and security program that complies with the various (and sometimes conflicting) legal requirements while also fitting organically within your business. Building solutions that can be easily shifted to meet new and evolving legal requirements is key.

    This session will provide a detailed explanation of core components of a security and privacy program, methods to ensure that the program can be altered to fit new requirements as they come into place, and how to transfer risk when possible. The session will include a discussion on Written Information Security Policies, Departmental and Employee Policies, Risk Management Programs, Client Contract Management Programs, Incident/Breach Response Programs, and training.

    8:00 am
    Advisory Council Roundtable
    Discussion topic to be announced
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:50 am

    This session is for SecureWorld Advisory Council members by invite only.

    8:15 am
    ISSA New England Chapter Meeting and Presentation
    Registration Level:
    • Open Sessions
    8:15 am - 8:50 am

    Join the ISSA New England for a chapter meeting and guest presentation on career development and bringing in the next generation of InfoSec professionals. All SecureWorld attendees are welcome to attend.

    8:15 am
    Association Chapter Meetings
    Registration Level:
    • Open Sessions
    8:15 am - 8:50 am

    Participating professional associations and details to be announced.

    8:30 am
    Exhibit Hall Open
    Registration Level:
    • Open Sessions
    8:30 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Virtual booths feature demos, resource downloads, and staff ready to answer your questions. Look for participating Dash For Prizes and CyberHunt sponsors to be entered to win prizes.

    9:00 am
    Opening Keynote
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:00 am
    Using the CIS Controls to Measure and Support Your Security Program
    Election Security Partnership Program Manager, Office of the Secretary of the Commonwealth of Massachusetts
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    In this session, you will learn what the CIS Controls are, why people use them, and how they can be used to grade the maturity of your security program. This will help you shape your security budget for the next few years.

    Presentation Level: MANAGERIAL (security and business leaders)

    10:00 am
    Big-Game Ransomware Attack Simulation and SolarWinds Response
    Field CTO, Varonis
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    The SolarWinds supply chain compromise opened a hard-to-detect backdoor for one of the world’s most advanced threat actors to steal data and establish persistence. This is the stealthiest attack we’ve ever seen. Let’s ensure you’re protected.

    Join us to see exactly how a big-game ransomware attack works and how to defend against it. Ransomware gangs dwell in networks for months, stealing data and leaving backdoors before they start dropping ransom notes. We’ll teach you how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs) that will help you prepare for an attack.

    10:00 am
    Developing an Effective Security Awareness Program
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am
    Location / Room: 103

    Security Awareness is well known for being the “best bang for the buck” out of all the risk mitigation techniques, but is it really? For Security Awareness to be effective, it must change the behaviors of employees and ideally lead to a mature security culture in your organization. Many programs that do not use adult education techniques and neuroscience fail to achieve behavior change—and can even make things worse. Once employees start to have a negative impression about information security, feel helpless, or begin to consider remediation as punitive, great damage has been done to the security culture and this can be difficult to reverse.

    This fun presentation will help you to gain an understanding about effective Security Awareness program creation and implementation, as well as to build buy-in for a mature security culture.

    10:00 am
    Practical Considerations When Verifying Your Vendors' Cybersecurity Controls
    Registration Level:
    • Open Sessions
    10:00 am - 10:30 am

    As businesses grow, it becomes increasingly cheaper, more convenient, and more efficient to rely on third parties to take on certain business functions. However, the security of your organization’s assets is only as strong as the weakest link in your vendor chain.

    Embracing the “trust-but-verify” approach, this session offers helpful tips and areas to focus on when validating your vendors’ cybersecurity controls.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    10:30 am
    Networking Break
    Registration Level:
    • Open Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    10:45 am
    Connected Devices Need Connected Teams
    CISO, SPX Corporation
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    IoT security is a growing concern as the number of connected devices increases. California, Oregon, and the EU now regulate the security of IoT devices. Leveraging compliance to create IT/Security partnership with Engineering, Application, and R&D teams is an opportunity to create successes for your business.

    Presentation level: MANAGERIAL (security and business leaders)

    10:45 am
    A Critical Look at the Security Posture of the Fortune 500
    Sr. Director, Chief Security Data Scientist, Rapid7
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

    10:45 am
    Insider Threats: A Multi-Pronged Approach to Protecting Your Organization
    Registration Level:
    • Open Sessions
    10:45 am - 11:15 am

    Insider threats are a real danger and cannot be overlooked. While deploying the latest secure system to fight against cyber threats is a decent strategy, you must also implement an effective insider threat system for an overall cybersecurity solution. An insider threat program cannot be bought off the shelf, but is a continuous process to identify and detect an incident as it occurs.

    Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

    11:15 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    11:30 am
    Healthcare Digital Disruption—the Unexpected COVID-19 Outcome
    CISO, Steward Health Care
    Registration Level:
    • Open Sessions
    11:30 am - 12:00 pm

    11:30 am
    Ransomware Incident Command and Lessons Learned for Managers
    Registration Level:
    11:30 am - 12:00 pm

    This presentation offers a practical approach to incident command for managers at all levels, irrespective of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

    11:30 am
    New Remote Workforce: Privacy and Security Risks and Mitigations
    Registration Level:
    • Open Sessions
    11:30 am - 12:00 pm

    The sudden growth in the remote workforce exposed critical cybersecurity and privacy concerns that should be considered. This presentation will provide an overview of key legal considerations with remote work when it comes to privacy and security, as well as discuss some solutions to help mitigate risk as your employees work from home.

    12:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    12:15 pm
    The Medical Internet of Things: How to Manage What Historically Has Been Unmanaged
    Sr. Security Engineer, Boston Scientific
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    The medical device landscape is rapidly changing. Clinicians and Health Delivery Organizations are increasingly demanding that medical devices be connected. Why do we want to connect these devices? How do we do it securely? What challenges does this present? Dave Presuhn will discuss how to ensure your medical devices survive in the jungle that we call a network.

    12:15 pm
    Leveraging the Three Lines of Defense to Improve Your Security Position
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    Depending on your role, a three lines of defense risk management model can be your best friend or worst enemy. No matter your view, the data produced through these channels can help you better understand your weaknesses, work more effectively with senior management, and respond to a variety of scenarios.

    Presentation Level: MANAGERIAL (security and business leaders)

    12:15 pm
    [Panel] Addressing Weakness: Vulnerability Management
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    NIST defines vulnerabilities as, “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” This panel will discuss current vulnerabilities and risk management through proper controls and best practices.

    12:15 pm
    [Panel] Identity and Access Management: Zero Trust for the Win?
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm

    Authentication used to be a discrete decision with the purpose of securing a single access point. Today, the ability to utilize many different types of authentication—from passwordless authentication, to certificate-based authentication, to adaptive and multi-factor authentication—is the foundation of a robust access management framework. With all the terms flying around out there—MFA, 2FA, Zero Trust, IAM, etc.—it’s hard to keep track of what is supposed to be working. Our experts will help demystify the jargon, provide best practices, and steer you away from common missteps.

    12:15 pm
    Executive Roundtable
    Registration Level:
    • VIP / Exclusive
    12:15 pm - 1:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

    1:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    1:15 pm
    Teaching Others to Hike in the Cybersecurity Wilds
    Director, Information Security, Risk & Compliance, Columbia Sportswear
    Program Manager, InfoSec Awareness and Analytics, Columbia Sportswear
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    Every hike takes you to new places, but the basics of hiking are the same: good shoes, a map, and a trailhead. Building a strong cybersecurity awareness program is no different. Let us take you on our journey of how we built a cybersecurity oriented culture, and how you know it’s working.

    1:15 pm
    Ethical Hacking and Cyber Ecosystems: Anticipating the Predators
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    In an ever-evolving digital landscape with cloud computing, mobility and IoT systems, more sophisticated approaches to vulnerability assessment are necessary. One of the central tools used in vulnerability testing is penetration testing, along with other techniques that are more broadly classified as ethical hacking. This discussion includes highlights from three case studies of ethical hacking in different settings. Highlights include approaches to ethical hacking and specific penetration techniques relevant to cloud computing and network security. Topics will also include challenges faced in ethical hacking within cybersecurity ecosystems and a discussion of a robust, integrative multi-layered used in ethical hacking.
    Presentation Level: TECHNICAL (deeper dive including TTPs)

    1:15 pm
    [Panel] Threat Landscape in Flux: Emerging Threats
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    The attack surface is shifting, threat actors are adapting, and security teams must also pivot. This panel will take a dive into various attack vectors, security gaps, and emerging threats organizations are now facing.

    1:15 pm
    [Panel] No Perimeter: Security in the Cloud
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm

    Worldwide events have accelerated cloud adoption trends. Organizational reliance on the cloud is at an all-time high. This panel will explore cloud security risks, controls, and best practices to help ensure a secure cloud computing environment.

    1:15 pm
    Executive Roundtable
    Registration Level:
    • VIP / Exclusive
    1:15 pm - 2:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by a CISO/CSO.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

    2:15 pm
    Closing Keynote
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm

    3:15 pm
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    Session 3 – Data Subject Rights: Complying Across Regulatory Frameworks
    Leader, Global Privacy Practice Group, Beckage, PLLC
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:45 pm

    Data subjects have numerous rights under data protection regulations, including the CCPA and GDPR. Being able to address those rights effectively and efficiently in the appropriate time frame and manner is a key element to compliance with those regulations. In this session, we will demonstrate how an organization can integrate administrative and technical controls to address Data Subject requests. Providing a hands-on approach, participants will walk through several data subject requests and work through the administrative and technical mechanisms to address those requests.

Exhibitors
  • APCON
    Booth:

    APCON, an industry leader in network visibility and security solutions, provides an unparalleled level of confidence to enterprise and midsize businesses seeking network insights for enhanced investigation, threat detection and response. Our customers include Fortune 1000 companies to midsize organizations as well as government and defense agencies. Organizations in over 40 countries depend on APCON solutions.

  • BeyondTrust
    Booth: https://www.engagez.net/beyondtrust

    Your Ally Against Cyber Security Threats
    BeyondTrust cyber security solutions deliver the visibility to reduce risks and the control to act against internal and external data breach threats.

  • Code42
    Booth:

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • Egress Software Technologies
    Booth:

    Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.

  • Imperva
    Booth:

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • (ISC)2 Eastern Massachusetts
    Booth: N/A

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. (ISC)² Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • ISSA New England
    Booth: N/A

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters' website at www.issa.org.

  • KnowBe4
    Booth:

    We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.

    KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

    The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

    Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

  • Netskope
    Booth:

    Netskope offers the industry’s only all-mode architecture that supports any use case. This starts with the option of being deployed 100 percent in the cloud, as an on-premises appliance, or via a hybrid configuration that includes both. When it comes to traffic steering, Netskope supports every possible out-of-band and inline mode, including forward and reverse proxy, secure TAP, API, and log-based discovery. These modes are often used in parallel to cover customers’ multiple use cases.

  • Nexum
    Booth:

    Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio and Wisconsin as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.

  • Okta
    Booth:

    Okta is the foundation for secure connections between people and technology. Our IT products uniquely use identity information to grant people access to applications on any device at any time, while still enforcing strong security protections. Our platform securely connects companies to their customers and partners. Today, thousands of organizations trust Okta to help them fulfill their missions as quickly as possible.

  • Palo Alto Networks
    Booth: https://www.engagez.net/palo-alto-networks

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

  • Rapid7
    Booth:

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future
    Booth:

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • SentinelOne
    Booth:

    SentinelOne is the future of Endpoint Protection. It unifies prevention, detection and response in a single platform driven by sophisticated machine learning and intelligent automation. With SentinelOne, organizations can detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated, integrated response capabilities, and adapt their defenses against the most advanced cyber attacks.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Tevora
    Booth:

    Tevora is an enterprise consulting firm specializing in information assurance, governance and compliance services and solutions. We work with some of the world’s leading companies, institutions and governments to ensure the safety of their information and their compliance with applicable regulations. With a distinctive combination of proven products and services, Tevora aids enterprises in protecting their most important assets from external and internal threats. For more information visit https://www.tevora.com.com/.

  • Varonis
    Booth:

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WEI
    Booth:

    Why WEI? We go further.

    At WEI, we’re passionate about solving your technology problems and helping you drive your desired business outcomes. We believe in challenging the status quo and thinking differently. There are a lot of companies that can take today’s technology and create a great IT solution for you. But we do more. We go further. And we have the customer, vendor and industry awards to prove it. WEI is a premier technology partner, who always puts our customers first while providing the most innovative solutions for over 29 years.

  • Whalley Computer Associates
    Booth:

    Whalley Computer Associates, Inc. (WCA) employs some of the region’s best engineers and is equipped to accommodate all computer and communication needs for businesses of all sizes in every industry. As an aggressive entrepreneurial business, we’re capable of responding to your needs with a level of flexibility and speed that other organizations can only dream of.

    While we’ve grown tremendously since 1979, we remain a friendly, flexible, family-owned business that prioritizes the needs of our customers. As we’ve evolved, we’ve expanded our reach to service customers throughout the nation. To provide each customer with superior service, we now employ over 140 computer professionals and 10,000 affiliated technicians and engineers. In response to making these advancements, VarBusiness magazine ranked WCA as being a high-level engineering firm in the largest 1% of all Solution Providers in North America.

  • Women in CyberSecurity (WiCyS)
    Booth: N/A

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Keynote Speakers
Speakers
  • Jordan Fischer
    Leader, Global Privacy Practice Group, Beckage, PLLC

    Jordan L. Fischer, Esq. is the Global Privacy Practice Group leader at Beckage, PLLC, a seasoned team of lawyers focused on data security, data privacy, and technology law. She focuses her practice on international data privacy, cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations, the GDPR, and the CCPA. Jordan brings extensive experience in the intersection of law and technology to counsel global companies to create legal solutions. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University and a Cybersecurity Lecturer at UC Berkeley, School of Information.

  • Mike Ste. Marie
    Election Security Partnership Program Manager, Office of the Secretary of the Commonwealth of Massachusetts

    Mike has over 17 years of experience in the Information Security field, working in multiple industries around the Boston area. He has helped build and improve information security programs, deploy and manage awareness training to over 1,000 staff members, as well as audit networks against the CIS Controls. He holds the CISSP certification, has a Master's in Information Assurance from Norwich University, and has been a longtime member of the SecureWorld Boston Advisory Council.

  • Brian Vecci
    Field CTO, Varonis

    As Field CTO at Varonis, Brian supports a wide range of security and technology initiatives by helping Varonis’ customers and partners get the most out of the company’s products. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 in technical marketing, led education and development, and now serves as the company’s Field CTO. He holds a CISSP certification and frequently speaks on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC. Brian holds a Bachelor’s Degree from The New School in New York City and graduated from The Lakeside School in Seattle, Washington.

  • Lisa Tuttle
    CISO, SPX Corporation

    Lisa Tuttle has served as an executive leader of global organizations, managing technology teams with her engaging enthusiasm and unique combination of information security, privacy, legal, compliance, project management and business management expertise. As CISO of SPX Corporation, she provides technology vision and strategic leadership for the company's IT security, directory services, privacy/compliance, project/change management, and contracts/vendor management programs. She excels at partnering with IT and Business teams, mentoring Women in Technology and encouraging STEM education.

  • Bob Rudis
    Sr. Director, Chief Security Data Scientist, Rapid7

    Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avuncular, author (Data-Driven Security), speaker, and regular contributor to the open source community.

  • Esmond Kane
    CISO, Steward Health Care

    Prior to his role at Steward, Esmond was the Deputy CISO at Partners HealthCare, where he was responsible for the operational component of the "Lighthouse" program, a radical transformation in Partners' approach to security and privacy risk management. Esmond spent 10 years helping to guide improvements in IT delivery and information security at Harvard University. Before working at Harvard, Esmond spent 10 years in several roles and industries including KPMG and BIDMC. In his spare time, Esmond likes to fret about spare time and annoy people who read bios.

  • Dave Presuhn
    Sr. Security Engineer, Boston Scientific

    Dave has been working in IT since the last millennium. In his current role, he manages the device management system for medical devices. He has worked primarily in healthcare throughout his IT career.

  • Brennan O'Brien
    Director, Information Security, Risk & Compliance, Columbia Sportswear

    Brennan is the head of Information Security for Columbia Sportswear Company and a 20-year veteran of cybersecurity in verticals including apparel, logistics, healthcare, and financial services.

  • Rori Perkins
    Program Manager, InfoSec Awareness and Analytics, Columbia Sportswear

    Rori is an expert in organizational change management with a focus on security awareness and driving human behavior.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes