Conference Agenda
  • Wednesday, February 17, 2021
    3:00 pm
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    Session 1 – Trends in the Law: An Overview of the Domestic Regulatory and Legal Landscape
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level: SecureWorld Plus
    3:00 pm - 4:30 pm

    This in-depth training course will provide an administrative, legal, and technical overview of the Privacy and Security Legal Landscape, with operational tools to address the changing regulatory and legal landscape. Attendees qualify for 5 CPE credits (11 total with conference attendance).

    The three sessions will include hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space. The sessions will involve a deep dive into the requirements of the Federal Trade Commission (FTC), California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the New York SHIELD Act, and the European Union’s General Data Protection Regulation (GDPR), as well as standards including the NIST Privacy Standard and the ISO Privacy Standards.

    Session 1 – Trends in the Law: An Overview of the Domestic Regulatory and Legal Landscape

    The U.S. legal framework for data security and privacy continues to evolve. Trying to stay abreast of the ever-evolving technologies and legal requirements can be overwhelming. In the past year, State and Federal regulatory changes have altered the legal and compliance obligations of many companies across a wide variety of industries. Additionally, the courts are starting to issue opinions that have placed heightened liability on companies to protect sensitive personal data.

    This session will provide an overview of key regulatory and legal changes, both at the State and Federal level, and discuss how companies should prepare to meet these evolving obligations. We will break down the requirements of key regulations, including the GDPR and the CCPA, providing insight into key aspects of the laws. Additionally, this session will discuss the impact of recent court decisions on privacy and security liability.

  • Thursday, February 18, 2021
    7:30 am
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    Session 2 – Risk Transference: Developing a Security and Privacy Program to Address Compliance Requirements
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level: SecureWorld Plus
    7:30 am - 9:00 am

    In the current patchwork approach to data security and privacy legal requirements, it can be challenging for a business to create a comprehensive privacy and security program that complies with the various (and sometimes conflicting) legal requirements while also fitting organically within your business. Building solutions that can be easily shifted to meet new and evolving legal requirements is key.

    This session will provide a detailed explanation of core components of a security and privacy program, methods to ensure that the program can be altered to fit new requirements as they come into place, and how to transfer risk when possible. The session will include a discussion on Written Information Security Policies, Departmental and Employee Policies, Risk Management Programs, Client Contract Management Programs, Incident/Breach Response Programs, and training.

    8:00 am
    Exhibitor Hall open
    Registration Level: Open Sessions
    8:00 am - 9:00 am
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable
    The State of the Industry in New England
    Digital Event Director, SecureWorld
    Registration Level: VIP / Exclusive
    8:00 am - 8:50 am

    This session is for SecureWorld Advisory Council members by invite only.

    Discussion topic moderated by Tom Bechtold of SecureWorld.

    8:15 am
    ISSA New England Chapter Meeting and Presentation
    What Are You Doing to Attract and Cultivate the Next Generation of InfoSec Professionals?
    President, ISSA International; CISO, NeuEon
    Sr. Principal, Security Risk Management, Verizon
    Registration Level: Open Sessions
    8:15 am - 8:55 am

    Join this fireside chat with the ISSA New England Chapter as they have a candid conversation with two industry veterans and two aspiring InfoSec professionals. Learn what the next generation of workers is looking for, perceptions, and topics of training, as well as what our seasoned professionals are doing to cultivate and develop their teams.

    Joining co-presenters Candy Alexander and David Dumas will be students Juliana Daggett of University of Rhode Island and Kyle Hagerman and Nasar Kasirye of Mass Bay Community College.

    8:15 am
    Managing Insider Risk without Compromising Speed of Business
    Security Community Evangelist, Manager, Code42
    Registration Level: Open Sessions
    8:15 am - 8:55 am

    As companies double down on time to innovation, time to market, and time to revenue, they are inherently introducing more risk from the inside. The more cloud-based, collaborative, and fast an organization becomes, the greater the Insider Risks posed to its people, technology, and data. The upside is that cloud collaboration tools make employees more productive. The downside is that these same tools make it easier to exfiltrate data.

    Adding to the complexities of working from home and off the corporate network, more employees are routinely using unauthorized devices, tools, and cloud-based applications to share files and ideas with colleagues.

    Join us to discuss the growing Insider Risk problem and how the right data protection methods can set security teams up for success, without slowing down company productivity.

    8:15 am
    Achieving the Security Data Lake
    VP, Solution Architecture, ChaosSearch
    Registration Level: Open Sessions
    8:15 am - 8:55 am

    The promise of the Security Data Lake is to provide a centralized, massively scalable repository for ALL data relevant for the Security Operations team, enabling many core functions required by the modern enterprise—monitoring and alerting, threat hunting, advanced persistent threat protection, DDoS mitigation, and many others. But the quest to achieve it has been a rocky one, as infrastructure complexity has prevented most teams from achieving the vision.

    This session will explain the benefits of achieving a true security data lake, explain the previous barriers that companies have faced, and describe a new approach which is allowing companies to achieve the vision, and finally put the Security Data Lake at the heart of their overall Security Architecture.

    8:15 am
    AI-Powered Incident Response
    Regional Sales Manager, SentinelOne
    Sr. Sales Engineer - New England & Upstate NY, SentinelOne
    Registration Level: Open Sessions
    8:15 am - 8:55 am

    The SentinelOne platform unifies Prevention (EPP), Detection & Response (ActiveEDR), Fast Recovery, Incident Response Threat Hunting, and Security Suite features into a single-agent solution for modern Windows, Mac, Linux, and Kubernetes.

    In this overview we touch upon these high-level capabilities:

    • Prevention: Delivered using pre-execution Static AI technologies that replace signatures. Used to detect file-based malware in PE, PDF, and Microsoft Office files.
    • Detection: Delivered using on-execution Behavioral AI technologies that detect anomalous actions in real time at the endpoint without cloud reliance. Used to detect fileless attacks, exploits, bad macros, evil scripts, cryptominers, ransomware and other attacks.
    • Response: Delivered in milliseconds to shut down attacks, thereby reducing dwell time to near zero. Includes alert, kill, quarantine, and network containment.
    • Recovery: One-click reversal (remediation) of unwanted changes, Windows rollback to recover data, remote shell.
    • Hunting: Delivered as a supplement to Prevention/Detection/Response for organizations that need advanced IoC and artifact hunting capability.
    9:00 am
    [Opening Keynote] Fireside Chat with Pentesters Arrested for Doing Their Job
    Directing, Center of Excellence for Red Team, Social Engineering, and Physical Penetration Testing, Coalfire
    Sr. Security Consultant, Coalfire
    Registration Level: Open Sessions
    9:00 am - 9:45 am

    When an Iowa Sheriff arrested Coalfire pentesters Gary DeMercurio and Justin Wynn on the job, it sent shockwaves through the cybersecurity community. The two InfoSec professionals faced felony charges, jail time, and the possibility of a criminal record for doing what they were hired to do. And information security professionals faced a possible chilling effect around a common strategy for testing defenses. Now, Gary and Justin will tell their story on the SecureWorld New England virtual stage during a candid fireside chat. They will take us through what happened to them and share what they learned in the process.

    For more background, read our original news story here.

    9:45 am
    Networking Break
    Registration Level: Open Sessions
    9:45 am - 10:00 am
    Location / Room: Exhibitor Floor

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:00 am
    Using the CIS Controls to Measure and Support Your Security Program
    Election Security Partnership Program Manager, Office of the Secretary, Commonwealth of Massachusetts
    Registration Level: Open Sessions
    10:00 am - 10:30 am
    In this session, you will learn what the CIS Controls are, why people use them, and how they can be used to grade the maturity of your security program. This will help you shape your security budget for the next few years.

    Presentation Level: MANAGERIAL (security and business leaders)

    10:00 am
    Big-Game Ransomware Attack Simulation and SolarWinds Response
    Field CTO, Varonis
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    The SolarWinds supply chain compromise opened a hard-to-detect backdoor for one of the world’s most advanced threat actors to steal data and establish persistence. This is the stealthiest attack we’ve ever seen. Let’s ensure you’re protected.

    Join us to see exactly how a big-game ransomware attack works and how to defend against it. Ransomware gangs dwell in networks for months, stealing data and leaving backdoors before they start dropping ransom notes. We’ll teach you how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs) that will help you prepare for an attack.

    10:00 am
    Incredible Email Hacks You'd Never Expect and How You Can Stop Them
    Data-Driven Defense Evangelist, KnowBe4
    Registration Level: Open Sessions
    10:00 am - 10:30 am
    Location / Room: 103

    If you think the only way your network and devices can be compromised via email is phishing, think again!

    A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team.

    In this webinar, Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist and security expert with over 30 years of experience, explores many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run.

    Roger will show you how hackers compromise your network. You’ll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World’s Most Famous Hacker and KnowBe4’s Chief Hacking Officer.

    Roger will teach you:

    • How remote password hash capture, silent malware launches and rogue rules work
    • Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective
    • The ins and outs of clickjacking
    • Actionable steps on how to defend against them all

    Email is still a top attack vector cybercriminals use. Don’t leave your network vulnerable to these attacks.

    10:00 am
    The Challenge of Detecting Threats in the Cloud
    VP of Solutions, Securonix
    Registration Level: Open Sessions
    10:00 am - 10:30 am

    Detecting threats in the cloud presents several challenges: dealing with new technologies and facing new threat scenarios, exacerbated by COVID-19-accelerated cloud adoption. Gartner indicates that organizations have been expanding their adoption of cloud security-oriented tools, such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB), as they try to keep cloud-related threats under control. However, not all organizations have an interest in adopting all these added technologies, and even when they do, the challenge of integrating them into their security monitoring infrastructure remains.

    Join this discussion to learn:

    • What are the differences between traditional threats and cloud threats?
    • How to align your security monitoring architecture to the new cloud monitoring requirements
    • How to optimize cloud security monitoring with a cloud-first SIEM approach
    10:30 am
    Networking Break
    Registration Level: Open Sessions
    10:30 am - 10:45 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:45 am
    Connected Devices Need Connected Teams
    CISO, SPX Corporation
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    IoT security is a growing concern as the number of connected devices increases. California, Oregon, and the EU now regulate the security of IoT devices. Leveraging compliance to create IT/Security partnership with Engineering, Application, and R&D teams is an opportunity to create successes for your business.

    Presentation level: MANAGERIAL (security and business leaders)

    10:45 am
    A Critical Look at the Security Posture of the Fortune 500
    Sr. Director, Chief Security Data Scientist, Rapid7
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    The global pandemic has brought many changes to the IT landscape of corporations across the globe. To see how this has impacted the “best of the best,” Rapid7 Labs has reprised its seminal industry cyber exposure research from 2018 to see how the security posture of Fortune 500 organizations has evolved (or devolved), and to present solid advice to CISOs and practitioners looking to improve their cybersecurity practices.

    10:45 am
    Get Beyond Compliance and Achieve Real Data Security
    SVP, Strategy and Imperva Fellow, Imperva
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    To keep pace with the database activity explosion that has accompanied recent rapid technology innovations, organizations must rethink their strategy for securing their data assets. A strategy designed to meet compliance requirements is not enough. Organizations need to develop new approaches that augment traditional agent-based monitoring to achieve real data security today and in the future.

    We’ll provide insight into how you can automate data collection and monitoring so you may apply more resources to identifying non-compliant behavior and orchestrating rapid responses, regardless of where your data is or the size of your data estate.

    10:45 am
    The Cybersecurity Hangover: Why We're Still Recovering from the Attack on SolarWinds
    Director, Technology & Strategy / Deputy CTO, BitSight
    Registration Level: Open Sessions
    10:45 am - 11:15 am

    The attack on SolarWinds and ensuing trojaning of the Orion Network Management product had a potential effect on every organization on the planet. IT teams scrambled to determine if Orion was installed on their infrastructure, whether they’d upgraded to the trojaned version at any point, and if the attackers had targeted them for second stage compromise. Even today, BitSight is observing signs that organizations still haven’t reconciled their security posture, and we’re working with organizations to identify their exposure.

    Join us to learn where organizations could have better prepared for a supply chain attack and the practices you need to put in place to be able to respond to incidents ranging from a global supply chain attack to nuisanceware.

    11:15 am
    Networking Break
    Registration Level: Open Sessions
    11:15 am - 11:30 am

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:30 am
    Healthcare Digital Disruption—the Unexpected COVID-19 Outcome
    CISO, Steward Health Care
    Registration Level: Open Sessions
    11:30 am - 12:00 pm
    11:30 am
    Aligning with the Business: Where Are We Going Wrong?
    President, ISSA International; CISO, NeuEon
    Registration Level:
    11:30 am - 12:00 pm

    Many in our profession now operate under a “business enablement” mindset. We recognize the fact that we must align security efforts with the needs of the business or we will continue towards becoming irrelevant. But what does “aligning with the business” really mean? Candy Alexander, CISO of NeuEon and ISSA International President, believes we may be misunderstanding this concept and applying it incorrectly within our organization. Attend this session for an honest and possibly controversial take on aligning security with the business.

    11:30 am
    The Implementation Journey of Zero Trust and SASE: Realizing the Benefits
    VP, CSO - Cloud Security Transformation, Netskope
    Registration Level: Open Sessions
    11:30 am - 12:00 pm

    Most organizations have a hybrid implementation of cloud and on-prem services. With the rapid adoption of business digitalization and expanding remote work force, how do we consolidate controls and enhance the security of the systems?

    In this hybrid mode, enterprises need speed, visibility, security, and reliability without compromise. Enter the secure access service edge, better known as SASE. It’s inevitable that SASE implementations and Zero Trust implementations will provide a more comprehensive security capability to truly support digital transformation. How can your organization best position itself for the transition?

    In this session, James Christianson will discuss:
    • How to migrate your security controls to take advantage of SASE
    • Reducing cost while increasing your security posture
    • Implementing a road map for SASE / Zero Trust

    11:30 am
    A Modern Approach to Information Protection
    Sr. Director, Enterprise Security Strategy, Proofpoint
    Registration Level: Open Sessions
    11:30 am - 12:00 pm

    Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations—especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?

    12:00 pm
    Networking Break
    Registration Level: Open Sessions
    12:00 pm - 12:15 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    12:15 pm
    The Medical Internet of Things: How to Manage What Historically Has Been Unmanaged
    Sr. Security Engineer, Boston Scientific
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    The medical device landscape is rapidly changing. Clinicians and Health Delivery Organizations are increasingly demanding that medical devices be connected. Why do we want to connect these devices? How do we do it securely? What challenges does this present? Dave Presuhn will discuss how to ensure your medical devices survive in the jungle that we call a network.

    12:15 pm
    Cyber Incidents, Forensics, and Insurance: Are All Three up to Snuff?
    Director, Audit and Compliance, CipherTechs, Inc.
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    2020 was the year of ransomware and the pandemic. Many organizations realized their IR wasn’t up to snuff, and others did not listen to the external professionals helping them and were re-compromised. Have you really tested your Incident Response processes? How about having a detailed post-mortem after an event? Have you looked at your cyber insurance policy to see who you are supposed to be using for assistance? This session will walk through an actual incident and review what was good and what was missing in the recovery, alerting (oops, the customers are involved), and finding the root cause, and whether cyber insurance was worth it.

    12:15 pm
    The Three Most Crucial Words in Digital Transformation
    “Machine Identity Management” and How It Secures Our Digital Transformation Journeys
    Director of Product, Venafi
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    Nothing has been more disruptive to the landscape of the financial services industry than digital transformation, defined as “the process of using digital technologies to create new—or modify existing—business processes, culture, and customer experiences to meet changing business and market requirements.” In this session, we’ll demonstrate how all digital transformation efforts rely, ultimately, on machines, whether those are virtual and serverless systems, containers and applications, or IoT and end-user devices.

    We’ll also show how a whole new security category has arisen—what Gartner calls Machine Identity Management—to instantly and dynamically protect the tens of thousands of machine identities driving digital transformation. Lastly, we’ll show how Visibility, Intelligence, and Automation are the building blocks you need to design and implement a Machine Identity Management program that bridges current practices and the emerging technologies of the future.

    12:15 pm
    [Panel] Ransomware, BEC Attacks, and Insider Threats - What's Next?
    Chief Security Advisor, SentinelOne
    Chief Product Officer, Egress Software Technologies Ltd
    Data-Driven Defense Evangelist, KnowBe4
    Principal Threat Research Engineer, LogRhythm
    Sr. Presales Systems Engineer, Arctic Wolf Networks
    Registration Level: Open Sessions
    12:15 pm - 1:00 pm

    Even a pandemic didn’t slow the roll of hackers and other nefarious groups. Ransomware and BEC attacks are at an all-time high, and insider threats (malicious and unknowing) are on the rise, as well. It seems if a dollar is to be had, someone is trying to take it. So, how do we arm our clients, partners, and coworkers with the tools they need to identify these next-level threats?

    12:15 pm
    [Executive Roundtable] 5G and the Impact to Your Business
    Sr. Principal, Security Risk Management, Verizon
    Registration Level: VIP / Exclusive
    12:15 pm - 1:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only).

    Moderated by David Dumas of Verizon, the discussion will center on 5G networking and a better understanding of what 5G can do to positively revolutionize your business. Use cases in various industry sectors will be covered.

    1:00 pm
    Networking Break
    Registration Level: Open Sessions
    1:00 pm - 1:15 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Teaching Others to Hike in the Cybersecurity Wilds
    Director, Information Security, Risk & Compliance, Columbia Sportswear
    Senior Manager, InfoSec Awareness and Analytics, Columbia Sportswear
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    Every hike takes you to new places, but the basics of hiking are the same: good shoes, a map, and a trailhead. Building a strong cybersecurity awareness program is no different. Let us take you on our journey of how we built a cybersecurity-oriented culture, and how you know it’s working.

    1:15 pm
    Cybersecurity and Monitoring for the Year 2021
    Sr. Security Consultant, Gigamon
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    We all must acknowledge that we are in a pandemic of cyberattacks, in a world of an ever-increasing attack surface, with no one single technological vaccine.

    In this session by Gigamon, we will discuss practical, real-world approaches to providing continuous visibility in your complex attack surface, allowing you to combat the threat landscape and therefore increase your confidence in your security posture.

    1:15 pm
    [Panel] Workforce 2.0: The New Normal
    Director of Solutions Engineering, BeyondTrust
    CMO, Siemplify
    SLED CTO & Chief IT Architect, Tanium
    Sr. Director, Product Management, Synopsys
    Director of Engineering Services, Nexum, Inc.
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    Our panelists will discuss the continued challenges with managing the remote workforce securely. Whether people go back to an office again is up in the air, but InfoSec and Operations must have processes and technology in place to keep the business running with an acceptable risk. Bring your questions for our panel.

    1:15 pm
    [Panel] Let's Talk About Clouds
    Director of Technology - Office of the CTO, Imperva
    Sr. Cybersecurity Solutions Architect, Securonix
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
    Major Accounts Systems Engineer, Palo Alto Networks
    Registration Level: Open Sessions
    1:15 pm - 2:00 pm

    It’s been a year now since many companies were forced to adopt cloud services or perish. For many, this was a huge shift and a leap of faith. This discussion will cover lessons learned, positives we have uncovered, and some of the new alphabet soup relating to cloud—CASB, SaaS, IaaS, etc.

    1:15 pm
    [Executive Roundtable] Third-Party Risk in a Pandemic: Is It Worth It?
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level: VIP / Exclusive
    1:15 pm - 2:00 pm

    Discussion forum for executive leaders and SecureWorld Advisory Council members (10-15, invite only). Moderated by Rebecca Rakoski.

    2:00 pm
    Networking Break
    Registration Level: Open Sessions
    2:00 pm - 2:15 pm

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:15 pm
    [Closing Keynote] Digital Extortion Drama: Deconstructing the Ransomware Response Lifecycle
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP
    Registration Level: Open Sessions
    2:15 pm - 3:00 pm

    This session is part drama and part virtual tabletop exercise. Cyber attorney Shawn Tuma will make the lifecycle of a successful ransomware attack come alive, from initial discovery and ransom negotiation, to IR team activation, to data recovery and restoration, all the way through the process to lingering litigation. Attend this session to more fully understand the impact a ransomware attack can create for any organization, including yours.

    3:15 pm
    [PLUS Course] Data Privacy and Security: Essentials for an Evolving Legal Landscape
    • session level icon
    Session 3 – Data Subject Rights: Complying Across Regulatory Frameworks
    speaker photo
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • SecureWorld Plus
    3:15 pm - 4:45 pm

    This in-depth training course will provide an administrative, legal, and technical overview of the Privacy and Security Legal Landscape, with operational tools to address the changing regulatory and legal landscape. Attendees qualify for 5 CPE credits (11 total with conference attendance).

    The three sessions will include hands-on exercises to demonstrate the best approach to the dynamic legal requirements in the cyber and privacy space. The sessions will involve a deep dive into the requirements of the Federal Trade Commission (FTC), California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the New York SHIELD Act, and the European Union’s General Data Protection Regulation (GDPR), as well as standards including the NIST Privacy Standard and the ISO Privacy Standards.

    Session 3 – Data Subject Rights: Complying Across Regulatory Frameworks

    Data subjects have numerous rights under data protection regulations, including the CCPA and GDPR. Being able to address those rights effectively and efficiently in the appropriate time frame and manner is a key element to compliance with those regulations. In this session, we will demonstrate how an organization can integrate administrative and technical controls to address Data Subject requests. Providing a hands-on approach, participants will walk through several data subject requests and work through the administrative and technical mechanisms to address those requests.

Exhibitors
  • Arctic Wolf Networks

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting, and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • Armis, Inc

    Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust Armis’ unique out-of-band sensing technology to discover and analyze all managed and unmanaged devices, analyze endpoint behavior to identify risks and attacks, and protect information and systems.

  • BeyondTrust

    BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

    The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.

  • BitSight

    BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog, or follow @BitSight on X.

  • ChaosSearch

    ChaosSearch delivers on the true promise of data lakes, instantly turning a company’s own cloud object storage into a hot, robust, streamlined analytics engine. We make it surprisingly easy for businesses to gain insights from terabytes to petabytes of data, quickly and at minimal cost. Founded in 2017, ChaosSearch is headquartered in Boston, MA.

  • Checkmarx Inc.

    Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.

  • Code42

    Code42 is the leader in insider risk detection, investigation and response. Native to the cloud, Code42 rapidly detects data loss, leak, theft and sabotage as well as speeds incident response – all without lengthy deployments, complex policy management or blocking employee productivity. With Code42, security professionals can protect corporate data from insider threats while fostering an open and collaborative culture for employees. Backed by security best practices and control requirements, Code42’s insider threat solution can be configured for GDPR, HIPAA, PCI and other regulatory frameworks.

  • DeSales University Cyber Security Program

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Egress Software Technologies

    Egress Software Technologies Ltd is a UK-based software company. It provides a range of data security services designed to protect shared information throughout its lifecycle, offering on-demand security for organisations and individuals sharing confidential information electronically.

  • Gigamon

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • Imperva

    Imperva is a leading provider of data and application security solutions that protect business-critical information in the cloud and on-premises. Cybercriminals constantly change their tactics. But what they are after, and how they ultimately make money, doesn’t change. They are after data. They make their money through extortion, via DDoS and ransomware, and through theft via data breaches. Today, data and applications are the fundamental assets of any enterprise. Data are the intellectual property and apps are what run the business. Imperva has a singular purpose: protect these critical assets from the ever-changing attacks of the cybercrime industry.

  • ISC2 Eastern Massachusetts

    Advancing Information Security One Community at a Time
    As anyone seriously involved in the information security profession can attest, peer networking is an invaluable resource. ISC2 Eastern Massachusetts Chapter provides members with the opportunity to build a local network of peers to share knowledge, exchange resources, collaborate on projects, and create new ways to earn CPE credits!

  • ISSA New England

    The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professional growth of its members’ information security professionals. The primary goal of ISSA is to promote management practices that will ensure availability, integrity, and confidentiality of organizational resources.

    Since its inception in 1982, ISSA’s membership has grown to include more than 100 chapters around the world with members who represent a diverse collection of organizations, including major U.S. and international corporations, leading consulting firms, world-class educational institutions, and government agencies. From EDP audit and corporate security to contingency planning and disaster recovery, ISSA members are committed to protecting their organizations’ assets and resources.

    Visit the National Headquarters’ website at www.issa.org.

  • KnowBe4

    We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space.

    KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering.

    The KnowBe4 platform is user-friendly and intuitive. It was built to scale for busy IT pros that have 16 other fires to put out. Our goal was to design the most powerful, yet easy-to-use platform available.

    Customers of all sizes can get the KnowBe4 platform deployed into production twice as fast as our competitors. Our Customer Success team gets you going in no time, without the need for consulting hours.

  • LogRhythm

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • Netskope

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Nexum

    Nexum, Inc. is a cybersecurity and networking company that builds and secures global networks for organizations across multiple verticals around the world. In addition to its Chicago headquarters, Nexum has sales, training and support presence in Kentucky, Michigan, New Hampshire, Ohio, and Wisconsin, as well as the Security and Network Operations Command Centers (SNOCC) in New Mexico and Illinois.

  • Okta

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Palo Alto Networks

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • PCYSYS

    Focused on the inside threat, Pcysys’ automated penetration-testing platform mimics the hacker’s attack – automating the discovery of vulnerabilities and performing ethical exploits, while ensuring an undisrupted network operation. Detailed reports are produced together with proposed remediations, one step ahead of tomorrow’s malicious hacker.

  • Proofpoint

    Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.

    Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.

  • Rapid7

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Recorded Future

    Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.

  • Securonix

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Siemplify

    The Siemplify team is comprised of cyber-security professionals, veterans of Israeli intelligence agencies. We bring rich experience in security analysis, management and operations and are backed by experts in data science and applied mathematics.

    We believe that in the modern world, cyber threat analysis, investigation and management should be more holistic, intuitive and simple. Technology and data science should serve cyber security experts by providing all the relevant information about the threat in real-time and focus them on rapid decision making.

  • Synopsys

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Tanium

    Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).

    The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.

    For more information, visit: https://www.tanium.com.

  • TechTarget

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Varonis Systems, Inc.

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Venafi

    Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise—on premises, mobile, virtual, cloud and IoT—at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

    With more than 30 patents, Venafi delivers innovative solutions for the world’s most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa. Venafi is backed by top-tier investors, including TCV, Foundation Capital, Intel Capital, QuestMark Partners, Mercato Partners and NextEquity.

    For more information, visit: www.venafi.com.

  • Women in CyberSecurity (WiCyS)

    Women in CyberSecurity (WiCyS) is the premier nonprofit organization with international reach dedicated to bringing together women in cybersecurity. Founded by Dr. Ambareen Siraj from Tennessee Tech University through a National Science Foundation grant in 2013, WiCyS offers opportunities and resources for its members and collaboration benefits for its sponsors and partners. The organization’s founding partners are Cisco, Facebook and Palo Alto Networks. WiCyS’ strategic partners include Amazon Web Services, Bloomberg, Cisco, Equifax, Facebook, Google, HERE Technologies, IBM, Lockheed Martin, Nike, Optum, Palo Alto Networks, PayPal, SANS Institute, Target, and University of California San Diego. To learn more about WiCyS, visit https://www.wicys.org.

Speakers
  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Tom Bechtold
    Digital Event Director, SecureWorld

    Tom has been part of the SecureWorld team for over 14 years. He has launched several of the regional conferences we hold today. Tom is currently responsible for SecureWorld Digital, which provides educational content to the SecureWorld audience. He produces, executes, and moderates the majority of the Remote Sessions webcasts while also working closely with the SecureWorld event directors to build relevant agendas at the regional conferences.

  • Candy Alexander
    President, ISSA International; CISO, NeuEon

    Ms. Alexander has over 30 years of experience in the cybersecurity profession. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a CISO and Cyber Risk Practice lead for NeuEon, Inc., assisting companies large and small to improve their cyber risk and security programs through effective business alignment.

    Ms. Alexander is a leader within the cyber profession, where her contributions include being twice-elected as Information Systems Security Association's (ISSA) International President, chief architect for the Cyber Security Career Lifecycle, and a long-standing Director on the International Board. She is also the inaugural President and past Board Member of the ISSA Education and Research Foundation. She has been instrumental in establishing the annual ISSA/ESG research project to better understand challenges faced by cybersecurity professionals worldwide.

  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Riley Bruce
    Security Community Evangelist, Manager, Code42

    Riley is a Security Community Evangelist at Code42, where he enjoys educating Security and IT teams through engaging technical content and presentation. Previously, Riley served in both customer support and customer education roles at Code42. In his spare time, he enjoys photography, travel, and relaxing at the lake in northern Wisconsin with his pug Mimi.

  • Dave Armlin
    VP, Solution Architecture, ChaosSearch
  • Brad Thompson
    Regional Sales Manager, SentinelOne
  • Brendan Miles
    Sr. Sales Engineer - New England & Upstate NY, SentinelOne
  • Gary DeMercurio
    Director, Center of Excellence for Red Team, Social Engineering, and Physical Penetration Testing, Coalfire

    Gary DeMercurio runs one of the largest groups in Coalfire Labs as a Director, where he leads Coalfire’s “Center of Excellence” for Red Teaming, Social Engineering and Physical Penetration. At Coalfire, Gary manages day-to-day business involved with FedRAMP, PCI, HIPAA, and penetration testing, while helping to spearhead the physical and social engineering portion of testing. Gary is also a proud member of Coalfire Veterans.

  • Justin Wynn
    Sr. Security Consultant, Coalfire

    As a Senior Security Consultant, Justin Wynn is responsible for actively compromising and reporting on virtual environments typically encountered at Fortune 500 companies. Justin performs wireless, physical, red team and social engineering engagements. Justin also conducts research to include the production of open-source models for printing/milling to aid in red team engagements, with specific regard to tool gaps in the locksport industry as well as master keys for access control/elevator overrides.

  • Mike Ste Marie
    Election Security Partnership Program Manager, Office of the Secretary, Commonwealth of Massachusetts

    Mike has over 17 years of experience in the Information Security field, working in multiple industries around the Boston area. He has helped build and improve information security programs, deploy and manage awareness training to over 1,000 staff members, as well as audit networks against the CIS Controls. He holds the CISSP certification, has a Masters in Information Assurance from Norwich University and has been a longtime member of the SecureWorld Boston Advisory Council.

  • Brian Vecci
    Field CTO, Varonis

    As Field CTO at Varonis, Brian supports a wide range of security and technology initiatives by helping Varonis’ customers and partners get the most out of the company’s products. In his 20-year technical career, Brian served as a developer, tech architect, engineer and product manager for companies in financial services, legal, and cybersecurity. Brian joined Varonis in 2010 in technical marketing, led education and development, and now serves as the company’s Field CTO. He holds a CISSP certification and frequently speaks on topics related to security and technology. He has been quoted in news sources ranging from The Financial Times to Dark Reading and has made multiple appearances on CNBC. Brian holds a Bachelor’s Degree from The New School in New York City and graduated from The Lakeside School in Seattle, Washington.

  • Roger Grimes
    Data-Driven Defense Evangelist, KnowBe4

    Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He has been the weekly security columnist for InfoWorld and CSO magazines since 2005.

  • Augusto Barros
    VP of Solutions, Securonix
  • Lisa Tuttle
    CISO, SPX Corporation

    Lisa Tuttle has served as an executive leader of global organizations, managing technology teams with her engaging enthusiasm and unique combination of information security, privacy, legal, compliance, project management and business management expertise. As CISO of SPX Corporation, she provides technology vision and strategic leadership for the company's IT security, directory services, privacy/compliance, project/change management, and contracts/vendor management programs. She excels at partnering with IT and Business teams, mentoring Women in Technology and encouraging STEM education.

  • Bob Rudis
    Sr. Director, Chief Security Data Scientist, Rapid7

    Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Data Scientist at Rapid7, where he specializes in research on internet-scale exposure. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), R (#rstats) avuncular, author (Data-Driven Security), speaker, and regular contributor to the open source community.

  • Terry Ray
    SVP, Strategy and Imperva Fellow, Imperva

    Terry Ray is the SVP and Imperva Fellow for Imperva Inc. As a technology fellow, Terry supports all of Imperva’s business functions with his years of industry experience and expertise. Previously he served as Chief Technology Officer, where he was responsible for developing and articulating the company’s technical vision and strategy, as well as maintaining a deep knowledge of the Application and Data Security Solution and Threats Landscape.

    Earlier in his tenure at Imperva, he held the role of Chief Product Strategist, where he consulted directly with Imperva’s strategic global customers on industry best practices, threat landscape, application and data security implementation and industry regulations. He continues to operate as an executive sponsor to strategic customers who benefit from having a bridge between both companies’ executive teams. He was the first U.S.-based employee, and during his 15 years at Imperva, he has worked hundreds of data security projects to meet the security requirements of customers and regulators from every industry.

    Terry is a frequent speaker for RSA, ISSA, OWASP, ISACA, IANS, CDM, NLIT, The American Petroleum Institute, and other professional security and audit organizations in the Americas and abroad. Terry also provides expert commentary to the media and has been quoted in Security Week, SC Magazine, CBS News, the BBC, and others.

  • Chris Poulin
    Director, Technology & Strategy / Deputy CTO, BitSight

    Chris is Director of Technology & Strategy, as well as the Deputy CTO, at BitSight Technologies, guiding enterprises in assessing risk metrics and managing third-party relationships. He's been in cybersecurity for over 35 years, in both technical roles as a developer for the DoD intelligence community, and in executive positions, such as CSO for Q1 Labs and CEO of his own boutique consultancy. He's spent time in both the startup community and at established companies, such as IBM and Booz Allen Hamilton. Chris brings this breadth of experience to customers, clients, and the stage.

  • Esmond Kane
    CISO, Steward Health Care

    Esmond Kane brings more than two decades of expertise as a distinguished leader in information security, safeguarding vital sectors. With a rich leadership background at prestigious institutions like Harvard University, Mass General Brigham, and Steward Health Care, he also serves on the advisory boards of multiple companies, providing valuable insights on cyber matters. Kane excels as a trusted consultant to top executives and founders, ensuring secure IT operations, regulatory compliance, and resilient design. His stellar track record is a testament to his recognized authority in the field.

  • Candy Alexander
    President, ISSA International; CISO, NeuEon

    Ms. Alexander has over 30 years of experience in the cybersecurity profession. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a CISO and Cyber Risk Practice lead for NeuEon, Inc., assisting companies large and small to improve their cyber risk and security programs through effective business alignment.

    Ms. Alexander is a leader within the cyber profession, where her contributions include being twice-elected as Information Systems Security Association's (ISSA) International President, chief architect for the Cyber Security Career Lifecycle, and a long-standing Director on the International Board. She is also the inaugural President and past Board Member of the ISSA Education and Research Foundation. She has been instrumental in establishing the annual ISSA/ESG research project to better understand challenges faced by cybersecurity professionals worldwide.

  • James Christiansen
    VP, CSO - Cloud Security Transformation, Netskope

    James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Global Chief Strategy Office. He is focused on helping Netskope’s global clients understand the challenges and solutions of cloud deployments by driving thought leadership in cloud security transformation.

    James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

    As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

    James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

  • Mike Stacy
    Sr. Director, Enterprise Security Strategy, Proofpoint

    Mike works with customers and oversees technical strategy for areas which include cloud security, advanced email defense, SOAR, browsing security, and SDP. Prior to joining Proofpoint, Mike held numerous technical leadership and product strategy roles across a variety of solutions.

  • Dave Presuhn
    Sr. Security Engineer, Boston Scientific

    Dave has been working in IT since the last millennium. In his current role, he manages the device management system for medical devices. He has worked primarily in healthcare throughout his IT career.

  • Sandy Bacik
    Director, Audit and Compliance, CipherTechs, Inc.

    Sandy Bacik, CISSP, ISSMP, CGEIT, CISA, CDPSE, PCI QSA, is CipherTechs’ Director, Audit & Compliance, and a former CISO. She has over 20 years’ direct information security and operational experience in the areas of IT Audit and Compliance, BCP/DR, Incident Response, Physical Security, Privacy, Regulatory Compliance and Audit, Policies/Procedures, Operations, and Management, with an additional 15 years in Information Technology Operations. Ms. Bacik has been heavily involved with local, national, and international security industry events. Ms. Bacik is the author of Building an Effective Security Policy Architecture and a contributing author to the past years of Information Security Management Handbook.

  • Michael Thelander
    Director of Product, Venafi

    Michael has a 20-year history in product marketing and product management, with a focus over the last seven years on cybersecurity. He held senior product marketing and product management roles at security leader Tripwire, and has other career highlights that include co-founding a successful startup and receiving patents for network technology. He loves to educate markets, tell stories that demonstrate value, play music, and on occasion fly small airplanes into active volcanoes.

  • Morgan Wright
    Chief Security Advisor, SentinelOne

    Morgan is an internationally recognized expert on cybersecurity strategy, cyberterrorism, national security and intelligence. He currently serves as Chief Security Advisor for SentinelOne, Senior Fellow at The Center for Digital Government, and is the chief technology analyst for Fox News and Fox Business. Morgan's landmark testimony before Congress on Healthcare.gov changed how the government collected personally identifiable information. Previously Morgan was a Senior Advisor in the US State Department Antiterrorism Assistance Program, the Senior Law Enforcement Advisor for the 2012 Republican National Convention, taught behavioral analysis at the National Security Agency and spent a year teaching the FBI how to conduct internet investigations. In addition to 18 years in state and local law enforcement as a highly decorated state trooper and detective, Morgan has developed solutions in defense, justice and intelligence for the largest technology companies in the world including Cisco, SAIC, Unisys and Alcatel-Lucent/Bell Labs.

  • Sudeep Venkatesh
    Chief Product Officer, Egress Software Technologies Ltd

    Sudeep Venkatesh is a noted expert on data protection, bringing two decades of industry and technology experience in this area. His expertise spans the protection of data in both structured and unstructured data ecosystems, with an emphasis on solving real-world business problems through encryption, authentication and key management. He has an in-depth understanding of regulatory compliance standards, including the EU GDPR, PCI and NYDFS, etc. Sudeep has worked on numerous data security projects with Fortune 500 firms in the U.S., the U.K., and globally.

    At Egress, Sudeep works as Chief Product Officer with responsibility for product strategy, product management and the delivery of pre- and post-sales technical services to customers. Prior to this, he was the Global Head of Pre-sales for the Data Security division of Hewlett Packard Enterprise (HPE), leading a global team of Sales Engineers. Sudeep joined HPE through its acquisition of Voltage Security, where he was part of the executive team.

  • Brian Coulson
    Principal Threat Research Engineer, LogRhythm

    As Principal Threat Research Engineer in LogRhythm Labs, Brian works to keep abreast of current cyberthreats and news, develop threat detection and response content, and demonstrate how we detect and respond to threats. In this role, he regularly engages with the LogRhythm Community and offers advice and solutions to remediate common security-related issues. He is also responsible for creating new content in the form of AI Engine rules, WebUI dashboards, and Kibana.

    Prior to starting at LogRhythm, Brian worked as lead information security engineer for a LogRhythm customer. He also used a number of other SIEMs and logging solutions throughout his time at the company. In this position, his day-to-day responsibilities included incident response, forensics, compliance, policy authoring, internal training, security architecture, and more.

    Brian has a Bachelor of Arts in Film and Video Art from the University of New Mexico.

  • Todd Maillet
    Sr. Presales Systems Engineer, Arctic Wolf Networks
  • David Dumas
    Sr. Principal, Security Risk Management, Verizon

    David Dumas, CISSP, CISM, ISSA Distinguished Fellow, is a Senior Principal in Security Risk Management for Verizon's Wireline Security Operations group. He has 32 years in the security field, working at Digital Equipment and Verizon. He has been on the ISSA New England Chapter Board since 1998.

  • Brennan O'Brien
    Director, Information Security, Risk & Compliance, Columbia Sportswear

    Brennan is the head of Information Security for Columbia Sportswear Company and a 20-year veteran of cybersecurity in verticals including apparel, logistics, healthcare, and financial services.

  • Rori Perkins
    Senior Manager, InfoSec Awareness and Analytics, Columbia Sportswear

    Rori is an expert in organizational change management with a focus on security awareness and driving human behavior.

  • George J. Smith
    Sr. Security Consultant, Gigamon

    George has 35 years of industry experience planning, designing, installing, and analyzing LAN, WAN infrastructures, peripherals, and tools for wired and wireless infrastructures. An enthusiast for technology and customers alike, he keeps his skills sharp by looking around corners to see what technology and business challenges are coming down the road. Additionally, Smith has contributed to hardware and software R&D for high-technology companies, including General Electric, 3Com (acquired by HP), and Wang Labs.

    From an early stage, he was fortunate enough to be actively involved in the birth of IP/Ethernet-based networking, evolving WAN technologies, distributed communications, and hardware applications when groundbreaking efforts in computer communications were taking place. Smith was honored to be part of a team that ushered in the age of digital sports broadcasting and utility development.

    Smith is part of Covington's "Who's Who of Networking Professionals," Professional of the Year, and a VIP Member in good standing. Driven to stay ahead of change, Smith continually reinvents himself to keep pace with technology's fast-paced evolution. He has a passion for developing his ability to understand and explain complicated techniques and bringing out the business implications. He thrives on creating the ideal business solutions for his customers and enjoys the human side of networking by fostering long-term relationships. His vision and passion for technology and the solutions it provides enhance his abilities in the workforce.

    In his free time, George enjoys spending time with his family, flying aircraft, being in stage musicals and plays, and giving back to the community through volunteer efforts.

  • Matt Smith
    Director of Solutions Engineering, BeyondTrust
  • Nimmy Reichenberg
    CMO, Siemplify

    Nimmy Reichenberg oversees strategy and marketing for Siemplify, the leading independent provider of Security Orchestration, Automation, and Response (SOAR). A cybersecurity industry veteran, Nimmy has more than 15 years of experience helping enterprises around the world tackle their security challenges. Nimmy started his career as a security engineer and held leadership positions at eSentire, AlgoSec, and NextNine. He is a frequent contributor to leading security publications including SC Magazine, Dark Reading, and Security Week, and has spoken at countless security conferences including the RSA Conference.

  • Gary Buonacorsi
    SLED CTO & Chief IT Architect, Tanium
  • Meera Rao
    Sr. Director, Product Management, Synopsys

    Ms. Meera Rao is a Senior Director of Product Management, focusing on DevOps solutions at Synopsys, Inc. Ms. Meera has over 20 years of experience in software development organizations in a variety of roles including Architect, Lead Developer, Project Manager, and Security Architect. Ms. Meera has been working as a trusted adviser to Fortune 500 companies, helping them achieve realistic goals for practical CI/CD & DevSecOps. She advises organizations in defining, implementing, maturing, scaling and measuring DevSecOps. Ms. Meera is very passionate about getting more women working in the technology industry. Ms. Meera participates, presents, and speaks at several conferences, spreading her knowledge of security and the importance of women in the technology workforce. Meera was awarded the SecDevOps Trailblazer award from SecuritySerious in London in 2018. Meera was a finalist in the Computing Women in IT Excellence Awards 2019 for Role Model of the Year.

  • Chandler Howell
    Director of Engineering Services, Nexum, Inc.
  • Peter Klimek
    Director of Technology - Office of the CTO, Imperva
  • David Swift
    Sr. Cybersecurity Solutions Architect, Securonix
  • Moderator: Joe Walsh
    M.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University

    Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.

  • Richard Schunk
    Major Accounts Systems Engineer, Palo Alto Networks
  • Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multijurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her clients' litigation risks.

    Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.

    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.

    Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.

    Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.

  • Shawn E. Tuma
    Co-Chair, Data Privacy & Cybersecurity Practice, Spencer Fane LLP

    Shawn Tuma is an internationally recognized cybersecurity, computer fraud and data privacy law attorney, areas in which he has practiced for two decades. He is Co-Chair of Spencer Fane’s Data Privacy & Cybersecurity Practice where he regularly serves as cybersecurity and privacy counsel advising a wide variety of businesses ranging from small and mid-sized companies to Fortune 100 enterprises. Shawn has been named a Cybersecurity Law Trailblazer by the National Law Journal, SuperLawyers Top 100 Lawyers in DFW, and Best Lawyers in Dallas. He serves as the Practitioner Editor for Bloomberg Law’s Texas Privacy & Data Security Law, among many other activities.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.
