- Open Sessions
- Conference Pass
- SecureWorld Plus
- VIP / Exclusive
- Thursday, October 13, 20227:00 amRegistration openRegistration Level:
7:00 am - 4:30 pmLocation / Room: Registration Lobby
- Open Sessions
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.8:00 amExhibitor Hall openRegistration Level:
8:00 am - 4:30 pmLocation / Room: Exhibitor Hall
- Open Sessions
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.8:00 amAdvisory Council Roundtable Breakfast – (VIP / Invite only)Discussion Topic: Changing Landscape of Compliance and Regulatory RequirementsExecutive Director, Americas Region, CRESTRegistration Level:
8:00 am - 8:50 amLocation / Room: Liberty 3
- VIP / Exclusive
Tom Brennan will moderate a roundtable discussion of new compliance and regulatory requirements. One of the items covered will be the new CREST | OWASP Verification Standard: https://www.crest-approved.org/membership/crest-ovs-programme.
For our Advisory Council members only.9:00 am[Opening Fireside Chat] Re:Make the Pathway to Cybersecurity SuccessHead of Security, Riot GamesCISO, NFLCISO, JetBlue AirwaysGlobal Head of Cyber Resilience & Data Protection, BlackRockRegistration Level:
9:00 am - 9:45 amLocation / Room: Keynote Theater9:45 amNetworking BreakRegistration Level:
- Open Sessions
9:45 am - 10:15 amLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.10:15 amWe're Becoming a Crypto BusinessRegistration Level:
10:15 am - 11:00 amLocation / Room: Liberty 5
- Conference Pass
So your business decided that they are adopting crypto. Cryptocurrencies, blockchain, decentralization, and Web 3.0 are going to disrupt your business beyond IT and security. Now what? This talk will cover where crypto touched my own career as a CISO, what has changed in the crypto space, and what is staying the same. The intent of this discussion is that attendees walk away with tools and knowledge to help you and your organization jump start on the impending crypto disruption.10:15 amSmall but Mighty: Building the Next Generation of Cybersecurity Professionals with Limited ResourcesRegistration Level:
10:15 am - 11:00 amLocation / Room: Riverside SuiteThere are simply not enough people in the field of information security. According to the U.S. Department of Commerce, there are over half a million unfilled cybersecurity jobs in the U.S. Around the world, that number swells to an estimated 3.5 million jobs unfilled.Unfortunately, business leaders are constrained in their investment in the next generation of security professionals; security is, ultimately, a cost center. How then, with our limited budgets, time, and energy, can leaders build the next generation of cybersecurity professionals? After all, the cybersecurity professionals that we hire and train today will be the grizzled veterans that we need in the future.This session tackles practical tips and industry-proven methods for finding, training, and benefiting from incredible junior-level cybersecurity professionals for your growing information security team.10:15 amDefeat the Modern Malicious Operation with XDRRegistration Level:
- Conference Pass
10:15 am - 11:00 amLocation / Room: Liberty 4
- Open Sessions
How do you find and end compromise no matter where it starts?
For today’s organizations, cybersecurity is more important and more challenging than ever before. Organizations must defend across multiple axes: endpoint, email & productivity, identity, and multi-cloud against a threat landscape that continues to blur between nation-state adversaries and cybercrime threat actors.
Just as you can’t assemble a jigsaw puzzle with only half–or less–of the pieces, you can’t detect and stop attacks effectively without the right integrations and workflows. Israel will share key learnings on attacks in 2022, critical integrations and use-cases, and what XDR architectures look like across enterprises and small businesses alike.
Join us to learn:
10:15 amBreaking the Ransomware Attack ChainRegistration Level:
- Why modern attack trends, including Account Takeover Attacks, MFA Fatigue, and Email Compromise, demands a new approach to security operations
- What is XDR? How should teams compare XDR to EDR, MDR, and SIEM approaches?
- Why Cybereason & Google Cloud have partnered to deliver XDR to customers today
10:15 am - 11:00 amLocation / Room: Liberty 2
- Open Sessions
Despite consistent increases in security spending, ransomware remains an ever-growing threat to businesses. Surprisingly, the ransomware itself, the malware that does the encryption, is only a part of a larger, equally dangerous, attack chain. Considering the entire chain offers defenders more opportunities to thwart the attack before mass encryption can occur.
In this session, we’ll provide details on how micro-segmentation can prevent adversarial techniques that precede and follow the deployment of ransomware itself. By turning our attention to the entire kill chain, a path towards minimizing the likelihood, impact, and recovery of ransomware time become clear.
In this session you will learn:
11:10 amThe Safeguards Rule UpdateRegistration Level:
- Practical steps you can take to disrupt the kill chain before ransomware can be deployed.
- How to map complex environments and expedite the path towards policy enforcement that drastically reduces the impact of ransomware.
- How advancements in host-based segmentation are helping businesses achieve an infrastructure that enables rapid remediation of ransomware events without disrupting business operations.
- How to leverage Mitre ATT&CK for a personalized SWOT analyses of your business against real world threats
11:10 am - 11:55 amLocation / Room: Liberty 2
- Conference Pass
The Safeguards Rule was designed to protect the security of customer information of financial institutions. It was created by the U.S. Federal Trade Commission (FTC) in support of the the Gramm Leach Bliley Act (GLBA) and went into effect in 2003. The original version of the Safeguards Rule was not very prescriptive and didn’t impose a significant compliance burden on financial institutions.
However, the Safeguards Rule was given a much needed update in December 2021. The new version is much more prescriptive and imposes a much more significant compliance burden and these new prescriptive controls are required to be in effect by December 2022.
Learn more about these new controls, what they mean to your organization, and strategies for getting these controls in place by this year’s deadline.11:10 amHealthcare Ground Zero: Cybersecurity at the Height of PandemicRegistration Level:
11:10 am - 11:55 amLocation / Room: Liberty 5The COVID-19 pandemic has had a profound impact on technology and cybersecurity. It reshaped healthcare; it accelerated digital transformation; it changed how people live and work (maybe forever); and it caused cybersecurity risks to rise significantly.This session helps define what is the new normal and how do we as security leaders address it. We’ll discuss how organizations get back to business and at the same time avoid the new and expanding traps bad actors are throwing at us.11:10 am[Panel] 2022 InfoSec State of the UnionLead Cybersecurity Consultant, Risk Advisory Services, AccessIT GroupHead of Research, Threat Intelligence Division, RadwareField CISO, Red CanaryDirector of Cybersecurity Sales, InfobloxSr. Product Marketing Manager, Recorded FutureDirector, Information Risk Management, VerizonRegistration Level:
- Conference Pass
11:10 am - 11:55 amLocation / Room: Riverside Suite
- Open Sessions
With high-priority concerns regarding ransomware and the latest in technology dominating the news cycle, what about good old-fashioned cyberattacks? Are those still happening? Social engineering still works and everyone likes a good phish, but what do you need to stay aware of that maybe you put on the backburner? Staying up to date with patching? How secure are those old legacy systems your organization is still using? Are you keeping up with awareness training and those other compliance and privacy projects you must maintain? Are staffing issues reaching our vendor partners?
Join our experts and bring your questions to this inactive panel. We will shed light and takeaways on the 2022 InfoSec State of the Union and help spark insight and ideas on how to stay ahead of threats.11:10 amDeriving Insight from Threat Actor InfrastructureRegistration Level:
11:10 am - 11:55 amLocation / Room: Liberty 4
- Open Sessions
From proactively hunting for unknown attacker infrastructure, to placing the exploitation of vulnerabilities on a timeline often obscured by large spikes in activity. This talk will explore ways in which we can enrich our understanding of the threat landscape beyond that which is shared in threat feeds and reports.12:00 pm[Lunch Keynote] Predicting Security Events: A Machine Learning ApproachRegistration Level:
12:00 pm - 12:45 pmLocation / Room: Keynote Theater (New York Ballroom East)
- Open Sessions
Security is overdue for actionable forecasts. Like predicting the weather, similar models should work for vulnerabilities. With some open source data and a clever machine learning model, the open source EPSS model predicts which vulnerabilities will be exploited in the next 30 days. The author is one of the creators of EPSS and will walk through the history of vulnerability predictions, how the team from Virginia Tech, RAND, Cisco, and Cyentia came together to create the model (and how they got the patent licenses), and what the future of predictive security holds for XDR.12:00 pmAdvisory Council Roundtable Lunch – (VIP / Invite only)Is Your Defensive Stack Ready for a Targeted Attack?Enterprise Director, Northeast, PenteraRegistration Level:
12:00 pm - 12:45 pmLocation / Room: Liberty 3
- VIP / Exclusive
For Advisory Council members only. This roundtable discussion will be moderated by Alex Henkes of Pentera.
Understanding the potential risks in a security program leads to a healthy security program. Let’s discuss in depth how taking an offensive approach, through Automated Security Validation, enhances a team’s current defensive strategies.12:45 pmNetworking BreakRegistration Level:
12:45 pm - 1:15 pmLocation / Room: Exhibitor Hall
- Open Sessions
Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.1:15 pm[Panel] Incident Response!DFIR Principal Consultant, AvertiumDirector of Cloud Security Sales, FortinetHead of Solutions Architecture, TideliftSecurity Strategist, MimecastCISO, New York State Department of EducationRegistration Level:
1:15 pm - 2:15 pmLocation / Room: Riverside Suite
- Open Sessions
Security teams are struggling to keep up with the myriad of attack vectors looming. As we emerge from the pandemic, now is the time to focus and adjust your Incident Response plan. There is a new set of tools and technologies helping squash attacks, but what happens when they fail? What’s in your IR plan that addresses the unknown, and how are your preparing? What has worked and what has not? Join our panel of experts in a valuable discussion focusing on current threats and how your company can be better equipped during these unprecedented times.1:15 pm[Panel] The Current Threat LandscapeCo-Founder & CEO, DoControlSenior Field Sales Engineer, WithSecureSr. Security Consultant, Critical StartSr. Account Executive, HoxhuntSr. Threat Researcher, ProofpointChief Commercial Officer, Binary DefenseRegistration Level:
1:15 pm - 2:15 pmLocation / Room: Keynote Theater (New York Ballroom East)
- Open Sessions
If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?
It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.1:15 pmLiability in an Automated WorldEmerging U.S. and Global Regulation of AI/ML Decision MakingMember, Data Privacy & Cybersecurity, Clark Hill LawRegistration Level:
1:15 pm - 2:15 pmLocation / Room: Liberty 4
- Open Sessions
From U.S. cities to the European Commission, regulators around the globe are focused on stamping out bias in automated decision-making by businesses. Whether used for recruitment and hiring, insurance claims and financial offerings, healthcare treatments, or housing, automation is everywhere. What constitutes an automated tool, is your organization using one, and how can security and privacy professionals reduce risk of liability in this increasingly automated world?1:15 pmBest Practices PAM Security and Privilege ProtectionRegistration Level:
1:15 pm - 2:00 pmLocation / Room: Liberty 5
- Open Sessions
The term “best practices” is used a lot, and the definition of it can differ between organizations based on risk appetite and tolerance. Similarly, the term, “PAM” is also often misused or overused. This session will look at how PAM is defined today, understanding how privileges are used within your organization, and some useful tips to start or mature your security model.
Some items we will discuss are ways to:
- Protect sensitive passwords and credentials
- Remove admin privileges from users and systems
- Meet compliance mandates
- Reduce risk from third-party vendors
Additionally, we will look at how privileges, session, and application management can help your organization move towards just-in-time and a Zero Trust security model.2:30 pmSuing the CISO: No Longer a HypotheticalCo-Founder & Managing Partner, XPAN Law PartnersChief Security Officer & Technology Lead, Trexin GroupRegistration Level:
2:30 pm - 3:15 pmLocation / Room: Liberty 5
- Conference Pass
A group of investors is suing SolarWinds following its supply chain cyberattack and naming the CISO in the lawsuit. They accuse him, and the company, of embracing “intentional or severely reckless deceit on investors” because of alleged claims about the company’s cybersecurity. Join this conversation between a Chief Information Security Officer and a cyber attorney to explore the impacts. How could this case alter future lawsuits? Is additional insurance needed for some security leaders? Is this the start of a trend or a one-off lawsuit? Plus, hear what other cybersecurity professionals are saying and share your opinion on this legal development.2:30 pmDeploying Authenticity in the Workplace & Activating Untapped Power for Increased ProductivityRegistration Level:
2:30 pm - 3:15 pmLocation / Room: Riverside Suite
- Open Sessions
This session is about the human aspect of cybersecurity that is not often addressed. Professionals at all levels struggle and face life issues. Many have untapped expertise, gifts, and talents in the workplace. Some do not shine light on their abilities due to the corporate culture or authenticity level in the workplace.
This session will address authenticity from three angles for the benefit of: the cybersecurity professional, the cybersecurity leader, and the cybersecurity organization.
2:30 pmDetecting Mac Malware Served Through AdsRegistration Level:
- Leaders will receive strategies to effect change in the workplace and reduce turnovers.
- Individuals will learn to value and showcase their brilliance; they will identify issues that undermine personal development and stall career elevation goals.
- Organizations will identify ways to improve corporate culture, increase diversity, equity and inclusion in the workplace, promote effective allyship, and retain talent.
2:30 pm - 3:15 pmLocation / Room: Liberty 4
- Open Sessions
The digital landscape has dramatically evolved over the past 10 years. Phishing, malware attacks, and crypto scams using ads as a vector are on the rise. Malvertisers have been empowered to become sophisticated cybercriminals that are a threat to any digital user and enterprise organization. Gain critical insight into attacks via adware and detection of unique macOS malware, including trends, detection of notarized malware, and benchmarking with online malware scanners.
Key Takeaway: Almost 100% of macOS malware families come from the ad ecosystem.3:15 pmNetworking Break and Dash for PrizesRegistration Level:
3:15 pm - 3:45 pmLocation / Room: Exhibitor Hall
- Open Sessions
Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.
Participating sponsors will announce their Dash for Prizes winners. Must be present to win.3:15 pmHappy Hour & CasinoSponsored by Tanium, AccessIT, and ExpelRegistration Level:
3:15 pm - 5:00 pmLocation / Room: Exhibitor Hall
- Open Sessions
Join your peers for conversation and complimentary beer, wine, and soda. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.
Enjoy the competitive fun at blackjack and craps tables!
Generously sponsored by:3:45 pm[Closing Fireside Chat] BEC Attacks, Crypto, and the Investigative Powers of the Secret ServiceSr. Investigator, Global Intelligence, CoinbaseAssistant to the Special Agent in Charge, New York Field Office, U.S. Secret ServiceSupervising Investigator, New York County District Attorney's OfficeM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales UniversityRegistration Level:
3:45 pm - 4:30 pmLocation / Room: Keynote Theater (New York Ballroom East)3:45 pmInclusion Frameworks Allow All Genders to Work in Inclusive EnvironmentsRegistration Level:
- Open Sessions
3:45 pm - 4:30 pmLocation / Room: Riverside SuiteWhile we all want diversity and inclusion at work, our work environments struggle to provide them. Why is this? What can each of us do to create inclusive work environments? There is a model that works. I had the privilege of experiencing this model young in my career and then built many successful companies implementing it. I look forward to sharing it with you! Together we can make change one by one. Everyone wants to work in cultures that are fair, productive, kind and provide growth. There is a model for this.4:00 pmHappy Hour: Cyber Breakfast ClubRegistration Level:
- Open Sessions
4:00 pm - 5:30 pmLocation / Room: Riverside Suite
- Open Sessions
Join your peers for complimentary appetizers and drinks! Register to attend here: https://www.eventbrite.com/e/428269143537
The Cyber Breakfast Club™ is a private cybersecurity breakfast group connecting cybersecurity executives and leaders. Enjoy monthly networking and quarterly socials with peers in a relaxed environment, keynote speakers, interactive table top exercises, community engagement and connecting with both local cybersecurity community leaders and national leaders.4:30 pmInfraGard Member ReceptionOpen to all attendeesRegistration Level:
4:30 pm - 5:30 pmLocation / Room: Keynote Theater (New York Ballroom East)
- Open Sessions
Open to InfraGard members and any prospective members.
- AccessIT GroupBooth: 385
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- AdaptivaBooth: 450
Adaptiva’s unrivaled solutions empower complex, enterprise IT teams to manage and secure endpoints with unparalleled speed at massive scale. They eliminate the need for a vast IT infrastructure and automate countless endpoint management tasks for many of the world’s largest organizations and government agencies.
- Akamai TechnologiesBooth: 130
Akamai powers and protects life online. Leading companies choose Akamai to build, deliver, and secure digital experiences. With the most distributed compute platform—cloud to edge—customers can build modern apps while keeping experiences closer to users and threats farther away. Learn about Akamai’s security, compute, and delivery solutions at akamai.com.
- AuditBoard, IncBooth: 340
AuditBoard is the leading cloud-based platform transforming how enterprises manage risk. Its integrated suite of easy-to-use audit, risk, and compliance solutions streamlines internal audit, SOX compliance, controls management, risk management, and security compliance. AuditBoard’s clients range from prominent pre-IPO to Fortune 50 companies
looking to modernize, simplify, and elevate their functions. AuditBoard is the top-rated audit management and GRC software on G2, and was recently ranked for the second year in a row as one of the 100 fastest-growing technology companies in North America by Deloitte.
- AvertiumBooth: 100
Avertium was born from 4 award-winning cybersecurity firms in 2019. Today, helping mid-to-enterprise organizations protect assets and manage risk is our only business. Our mission is to make our customers’ world a safer place so that they may thrive in an always-on, connected world.
- BeyondTrustBooth: 140
BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints, and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational performance. We are trusted by 20,000 customers, including 78 of the Fortune 100, and a global partner network.
- Binary DefenseBooth: 270
Binary Defense is a managed security services provider and software developer with leading cybersecurity solutions that include SOC-as-a-Service, Managed Detection & Response, Security Information & Event Management, Threat Hunting and Counterintelligence. Binary Defense believes its unique approach resolves infosec’s biggest challenges such as limited in-house security expertise, lack of innovative resources and the significant budgetary and time investment required to ensure protection from today’s threats.
- CardinalOpsBooth: 480
CardinalOps delivers AI-powered detection content and metrics to ensure your SOC is protected from the MITRE ATT&CK techniques most relevant to your organization’s adversaries, infrastructure, and business priorities.
Leveraging proprietary analytics and API-driven automation, the platform continuously delivers new use cases enabling your SOC team to stay ahead of constant change in the attack surface and threat landscape – plus continuously identify and remediate broken rules and misconfigured log sources – so you can close the riskiest detection gaps that leave your organization exposed.
Founded in early 2020, CardinalOps is led by serial entrepreneurs whose previous companies were acquired by Palo Alto Networks, HP, Microsoft Security, IBM Security, and others. The company’s advisory board includes Dr. Anton Chuvakin, recognized SIEM expert and Head of Security Solution Strategy at Google (formerly Gartner Research VP); Dan Burns, former Optiv CEO and founder of Accuvant; and Randy Watkins, CTO of Critical Start.
- Cisco / Kenna SecurityBooth: 210
We pioneered risk-based vulnerability management, and now we’re doing the same for Modern Vulnerability Management. What is Modern Vulnerability Management? It’s a new model for managing the right level of risk for your business. It provides clear prioritization based on real-time threat and exploit intelligence, and uses those insights to deliver guidance unique to your environment. And it eliminates the friction between Security and IT teams about what to patch, and when. So you can save time, money and resources—and keep your teams efficiently focused on reducing the biggest risks to your business.
- ConfiantBooth: 120
Confiant is a cybersecurity provider specialized in detecting and stopping threats that leverage advertising technology infrastructure, also known as Malvertising. We help digital publishers and advertising technology platforms around the world take back control of the ad experience in real-time. In addition, Confiant helps enterprises protect themselves and their customers from threat actors performing these attacks. Confiant oversees trillions of monthly ad impressions with innovative integrations embedded deep into the ad tech ecosystem, giving us a unique vantage point. Our superior detection set for phishing, crypto scams and malware attacks using ads as a vector is one-of-a-kind in the industry. Confiant executes our mission everyday to protect users and organizations of all sizes, including Microsoft, Orange, Paramount and IBM. We offer unique and actionable insights into threats that systematically target brands, businesses, individuals and supply chains via ads. Our recently published Malvertising Matrix maps the tactics, techniques and procedures active in Malvertising today. inclusive of emerging Web3 Layer 4 threats.
To learn more about Malvertising go to matrix.confiant.com
- Critical StartBooth: 310
Critical Start simplifies breach prevention by delivering the most effective managed detection and incident response services. Powered by our Zero Trust Analytics Platform, the industry’s only Trusted Behavior Registry, and MOBILESOC, our 24x7x365 expert security analysts and Cyber Research Unit monitors, investigates, and remediates alerts swiftly and effectively.
- CybereasonBooth: 200
Cybereason was founded in 2012 by a team of ex-military cybersecurity experts with the mission of detecting and responding to complex cyber-attacks in real time. Cybereason is the only Endpoint Detection and Response platform deployed in user space that detects both known and unknown attacks and connects isolated indicators of compromise to form a complete, contextual attack story. Cybereason’s behavioral analytics engine continuously hunts for adversaries and reveals the timeline, root cause, adversarial activity, related communication and affected endpoints and users of every attack. Cybereason provides security teams with actionable data, enabling fast decision making and proper response.
- DoControl Inc.Booth: 320
DoControl’s mission is to build a future where SaaS application-based business enablement and security are balanced through technology, automation, and simplicity. We work hand-in-hand with our customers and partners to deliver automated security solutions that are purpose-built for today’s fast paced business environment.
- EndaceBooth: 440
Customers choose Endace products for one primary reason: they deliver, where competitor products fail. Whether it is capture accuracy, fidelity of time stamps, write-to-disk performance or speed of traffic retrieval, Endace is famous for delivering the very best performing products. Telcos, broadcasters, governments, defence departments, investment banks and many other large enterprises trust our products to help them manage their critical data networks.
- ForcepointBooth: 430
Forcepoint is transforming cybersecurity by focusing on what matters most: people’s behavior as they interact with critical data and systems. Forcepoint behavior-based solutions adapt to risk in real time and are delivered via a converged security platform, protecting the human point for thousands of enterprise and government customers. Our solutions include Cloud Security, Network Security, Data & Insider Threat Security.
- FortinetBooth: 470
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.
- HelpSystemsBooth: 495
GoAnywhere MFT automates and encrypts file transfers using industry standard protocols (e.g. OpenPGP, AES, FTPS, SFTP, SCP, AS2, and HTTPS). With full audit trails and reporting functionality, GoAnywhere can help organizations comply with strict compliance regulations like PCI DSS, HIPAA, and the GDPR.
- HoxhuntBooth: 260
Data breaches start with people, so Hoxhunt does too. We combine cognitive automation with the human touch to create individualized adaptive training experiences employees love, and a managed service model enterprises depend on.
- Infoblox, IncBooth: 350
Infoblox delivers modern, cloud-first networking and security experiences that are simple, automated, scalable and reliable. The company is the market leader with over 12,000 customers worldwide, including over 70 percent of the Fortune 500. The company’s portfolio of SaaS, data center, and hybrid offerings for DHCP, DNS, IPAM and security solutions enable organizations to leverage the advantages of on-premises and cloud-first architectures. The combination of NIOS, BloxOne DDI, BloxOne Threat Defense and threat intelligence services provide a robust foundation for connecting and securing the modern enterprise.
- InfraGard New York MetroBooth:
The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.
Member’s alliance are part of a national network of FBI-vetted volunteers who are critical infrastructure SME in one or more sectors. It provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.
- ISACA New York Metropolitan ChapterBooth:
Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.
Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.
- MimecastBooth: 410
Mimecast empowers our customers to help mitigate risk and manage complexities across a threat landscape driven by cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today.
- OktaBooth: 400
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OxeyeBooth: 370
Oxeye provides a cloud-native application security solution designed specifically for modern architectures. The company enables customers to quickly identify and resolve all application-layer risks as an integral part of the software development lifecycle by offering a seamless, comprehensive, and effective solution that ensures touchless assessment, focus on the exploitable risks, and actionable remediation guidance. Built for Dev and AppSec teams, Oxeye helps to shift security to the left while accelerating development cycles, reducing friction, and eliminating risks. To learn more, please visit www.oxeye.io.
- PenteraBooth: 230
Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, unfolding true, current security exposures at any moment, at any scale.
Thousands of security professionals and service providers around the world use Pentera to guide remediation and close security gaps before they are exploited.
- ProofpointBooth: 220
Proofpoint protects your people, data, and brand from advanced threats and compliance risks with cybersecurity solutions that work. Built on advanced analytics and a cloud architecture, our platform secures the way your people work today—through email, mobile apps, and social media.
Some attacks get through even the best defenses. That’s why our solutions also proactively safeguard the critical information people create. We reduce your attack surface by managing this data and protecting it as you send, store, and archive it. And when things go wrong, we equip security teams with the right intelligence, insight, and tools to respond quickly.
- RadwareBooth: 360
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Recorded FutureBooth: 150
Recorded Future arms security teams with threat intelligence powered by machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources. We provide invaluable context that’s delivered in real time and packaged for human analysis or instant integration with your existing security technology.
- Red CanaryBooth: 240
Red Canary was founded to create a world where every organization can make its greatest impact without fear of cyber attacks. As a security operations ally, we arm businesses of all sizes with outcome-focused solutions to quickly identify and shut down attacks from adversaries. Security teams can make a measurable improvement to security operations within minutes.
- RiskReconBooth: 300
RiskRecon, a Mastercard company, provides cybersecurity ratings and insights that make it
easy for enterprises to understand and act on their risks. RiskRecon is the only security rating
solution that delivers risk-prioritized action plans custom-tuned to match customer risk priorities,
enabling organizations to efficiently operate scalable, third-party risk management programs for
dramatically better risk outcomes. Request a demo to learn more about our solution.
- runZeroBooth: 280
runZero provides an asset inventory and network visibility solution that helps organizations find and identify managed and unmanaged assets connected to their networks and in the cloud. Powered by our research-driven model for fingerprinting, runZero can uncover areas of your network you didn’t even know you had. No credentials needed.
- SecurEnds, IncBooth: 390
SecurEnds provides companies with a tool to automate user access reviews (UAR) across cloud and on-prem applications to meet SOX, ISO27001, PCI, HIPAA, HITRUST, FFEIC, GDPR, and CCPA audit requirements. Utilizing fuzzy logic to pull data from systems of record (SOR), complimentary identity governance and administration (IGA) solutions, and SaaS-based, custom, and legacy downstream applications, SecurEnds provides a complete, end-to-end process for UAR, then automates it out of the box.
- Security JourneyBooth: 420
HackEDU’s spring 2022 acquisition of Security Journey brings together two powerful platforms to provide application security education for developers and the entire SDLC team. The two officially became one in August 2022 and are now Security Journey. Two platforms, one path to build a security-first development culture.
- SonatypeBooth: 460
Every day, developers rely on millions of third party and open source building blocks – known as components – to build the software that runs our world. Sonatype ensures that only the best components are used throughout the software development lifecycle so that organizations don’t have to make the tradeoff between going fast and being secure. More than 120,000 organizations use Sonatype’s Nexus solutions to support agile, Continuous Delivery, and DevOps practices globally
- TaniumBooth: 380
Tanium was founded to deliver a new and innovative approach to endpoint management and security that delivers instant visibility and responsiveness that does not slow down as the enterprise environment scales. Tanium is empowering the largest enterprises in the world to gather critical information globally from every endpoint and drive remediating action in seconds, including the distribution of patches, applications, and tools – all from a single server. For more information, visit: https://www.tanium.com.
- Team CymruBooth: 110
Team Cymru’s mission is to save and improve human lives. We are unrivalled across three disciplines; digital business risk platforms, free to use community services and support services to over 143 Government CSIRT teams.
Our business risk and threat intelligence platforms empower global organizations with unmatched Threat Reconnaissance and Attack Surface Management capabilities to meet the challenges of today’s cyber threats.
Community Services equip those who run the internet to defend it from criminals who wish to disrupt and cause harm, and CSIRT enables Governments the tools to outmaneuver nation state threat actors.
Since 2005, our reputation remains unchallenged.
- TechTargetBooth: n/a
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- TideliftBooth: 250
Tidelift helps organizations effectively manage the open source behind modern applications.
Through the Tidelift Subscription, the company delivers a comprehensive management solution, including the tools to create customizable catalogs of known-good, proactively maintained components backed by Tidelift and its open source maintainer partners.
Tidelift enables organizations to accelerate development and reduce risk when building applications with open source, so they can create even more incredible software, even faster.
- Cyber Fraud Task Force – U.S. Secret ServiceBooth:
Cyber Fraud Task Forces (CFTFs), the focal point of our cyber investigative efforts, are a partnership between the Secret Service, other law enforcement agencies, prosecutors, private industry, and academia. The strategically located CFTFs combat cybercrime through prevention, detection, mitigation, and investigation.
- Waterfall SecurityBooth: 490
Waterfall Security’s technology represents an evolutionary alternative to firewalls. Our innovative, patented Unidirectional Security Gateway solutions enable safe and reliable IT/OT integration, data sharing, cloud services, and all required connectivity for industrial control systems and critical infrastructures. Waterfall Security’s products dramatically reduce the cost and complexity of regulatory compliance with NERC CIP, NRC, NIST, CFATS, ANSSI and others.
Waterfall products enable external parties, HQ, engineering, contractors and vendors, cloud services, and others to have access to operational information, while keeping the industrial control systems safe and secure. Our purpose-built hardware based security is enhanced by off-the-shelf software with a multitude of interfaces to widest range of industrial systems, protocols, databases and IT solutions in the market.
Waterfall has a growing list of customers worldwide, including national infrastructures throughout North America, Europe, Asia and the Middle-East in power plants, nuclear plants, on/off-shore platforms, refineries, manufacturing plants, utility companies plus many more. Our strategic partners are multinational conglomerates and integrators in manufacturing, automation and other parallel industries.
- WithSecureBooth: 330
WithSecure™ (formerly F-Secure Business) is cybersecurity’s reliable partner. IT service providers, MSSPs and businesses—along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers—trust us for outcome-based cybersecurity that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. WithSecure™ is part of F-Secure Corporation, founded in 1988, and listed on NASDAQ OMX Helsinki Ltd.
- Tom BrennanExecutive Director, Americas Region, CREST
Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.
As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.
- Nicole DoveHead of Security, Riot Games
Nicole Dove is an award-winning cybersecurity leader, university lecturer & host of the Urban Girl Corporate World podcast.
As Head of Security for Riot Games, she is responsible for building a scalable security program including a team of BISOs to support the company’s expansion into entertainment, music and esports.
Nicole performed voice over work on two Grand Theft Auto titles, attended the 2016 White House Summit on the United State of Women, won the 2021 EWF Woman of Influence Award and completed Cybersecurity Leadership studies at Harvard University.
She produces and hosts the Urban Girl Corporate World podcast, creates Cybersecurity courses for LinkedIn Learning, is a frequent guest on tech podcasts and has given keynotes at tech conferences and organizations including Facebook, Yale School of Management, RSA, OWASP, Deloitte Consulting, and Goldman Sachs.
- Tomás MaldonadoCISO, NFL
Tomás Maldonado is the Chief Information Security Officer (CISO) at the National Football League (NFL). He is globally responsible for leading the information security program for the League and its entities. Maldonado has over 23 years of experience in this area, having led global information security teams and programs at several large international organizations. Prior to Joining the NFL, Maldonado was the CISO at International Flavors & Fragrances where he was globally responsible for establishing and leading the Cybersecurity & Technology Risk Management program. Maldonado was an executive director and CISO for the corporate sector of JPMorgan Chase, where he established and shaped the future direction of the security program and focus for the line of business. He was also a VP of technology risk management at Goldman Sachs where he worked on several key initiatives namely creating and leading the data loss protection program. He had additional opportunities at Schroders where he was the network security officer, Ernst & Young and Bloomberg LP. Maldonado holds several industry recognizable certifications: he is a CISSP, a CISM, a CDPSE, and a CRISC, while holding a Bachelor of Science in computer science from Fordham University.
- Timothy RohrbaughCISO, JetBlue Airways
- Taylor Milligan Crotty, ModeratorGlobal Head of Cyber Resilience & Data Protection, BlackRock
Taylor M. Crotty leads BlackRock Information Security’s Cyber Wargames team and is responsible for education, training and process development related to Cyber Incident Response & Recovery, measuring and managing cyber risks across the organization and Third Party Security for BlackRock’s critical service providers.
Taylor is focused on assuring the resiliency of BlackRock and key partners critical to BlackRock’s business operations before, during, and after a cyber event. She coordinates periodic, tabletop-style resilience exercises (“Wargames”) with BlackRock’s most critical provider partners, internal business functions, and at the sector level. Taylor also drives strategic workflow analysis initiatives for Information Security, leveraging deep technical expertise to identify and mitigate security risks across the Firm and optimize our ability to protect information.
Prior to assuming her current role, Taylor led BlackRock's Third Party Security program where she was responsible for assuring the security of outsourced workflows, establishing a stronger baseline level of protection with service providers through contracting and conducting security assessments of critical provider partners to ensure Firm and Client information was protected with the requisite care in accordance with industry best practices.
Taylor first developed a Third Party Security practice while working as a consultant with Security Risk Advisors. She administered Third Party Security programs for a large private healthcare company and a financial services company notable for being the nation’s primary provider of private-label credit cards.
Taylor serves as a board member for the University of Michigan College of Engineering Alumni Board. She has been formally invited to share her experience and thought leadership in the cyber resilience space as a speaker at various events and industry conferences.
- Scott MatsumotoCISO, Robinhood Crypto
Scott Matsumoto joined Robinhood in 2021 and is responsible for building and maintaining the cybersecurity program for Robinhood Crypto. He brings extensive experience in both the cryptocurrency and cybersecurity spaces having previously served as the CISO for Circle Internet Financial and the Poloniex cryptocurrency exchange.
- Naomi BuckwalterFounder & Executive Director, Cybersecurity Gatebreakers Foundation
Naomi Buckwalter, CISSP CISM, is the Director of Product Security for Contrast Security and author of the LinkedIn course: “Training today for tomorrow's solutions - Building the Next Generation of Cybersecurity Professionals”. She is also the founder and Executive Director of Cybersecurity Gatebreakers Foundation, a nonprofit dedicated to closing the demand gap in cybersecurity hiring. She has over 20 years' experience in IT and Security and has held roles in Software Engineering, Security Architecture, Security Engineering, and Security Executive Leadership. As a cybersecurity career adviser and mentor for people around the world, her passion is helping people, particularly women, get into cybersecurity. Naomi has two Masters degrees from Villanova University and a Bachelors of Engineering from Stevens Institute of Technology.
- Israel BarakCISO, Cybereason
Israel Barak, Chief Information Security Officer at Cybereason, is a cyber defense and warfare expert with a background developing cyber warfare infrastructure and proprietary technologies, including that of proprietary cryptographic solutions, research and analysis of security vulnerabilities. Israel has spent years training new personnel, providing in-depth expertise related to cyber warfare and security, threat actor’s tactics and procedures. As Cybereason’s CISO, Israel is at the forefront of the company’s security innovation, research and analysis of advanced threats.
- Patrick SullivanVP, CTO of Security Strategy, Akamai
Patrick Sullivan is VP, CTO of Security Strategy for Akamai and a Contributing Author for Information-Security magazine. Patrick joined Akamai's Security Team in 2005 and has been a leader working with leading enterprises to design security architectures and thwart evolving threats. Patrick is a frequent speaker at Security Conferences including RSAC, Blackhat, Gartner, IANS, and others. Prior to Akamai, Patrick held leadership positions in the US DoD, Cable&Wireless, Savvis, and AT&T. Patrick holds various network and security certifications including: CISSP, GWAPT, GSLC, GCIH, GCFA, GCSA.
- Blake PennCISO, Colgate University
- Afzal KhanGlobal CISO, OPKO Health, Inc.
- Brett Price, CISSP, CISMLead Cybersecurity Consultant, Risk Advisory Services, AccessIT Group
Brett Price is a Senior Cybersecurity Consultant for the Risk Advisory Services practice at AccessIT Group (AITG). Brett is a knowledgeable cybersecurity consultant with over twenty years of experience and an extensive background in security consulting, network engineering/administration and cybersecurity best practices. Brett’s skills range from analyzing network packet behavior to securing enterprise critical infrastructure with expertise in assessing and consulting on risk management frameworks and standards such as NIST 800-53, NIST CSF, CIS and ISO/IEC 2700X. Brett has experience working with enterprise and mid-market customers across various industry sectors such as healthcare, banking, industrial, retail, pharmaceutical and insurance.
- Daniel SmithHead of Research, Threat Intelligence Division, Radware
Daniel is the Head of Research for Radware’s Threat Intelligence division. He helps produce actionable intelligence to protect against botnet-related threats by working behind the scenes to identify network and application-based vulnerabilities. Daniel brings over ten years of experience to the Radware Threat Intelligence division. Before joining, Daniel was a member of Radware’s Emergency Response Team (ERT-SOC), where he applied his unique expertise and intimate knowledge of threat actors’ tactics, techniques, and procedures to help develop signatures and mitigate attacks proactively for customers.
- Robb ReckField CISO, Red Canary
- Tom GrimesDirector of Cybersecurity Sales, Infoblox
- Chad KnipschildSr. Product Marketing Manager, Recorded Future
Chad is a senior product marketing manager at Recorded Future working on intelligence-based solutions. Before joining Recorded Future, he served as a U.S. Naval Intelligence Officer with an extensive background in special operations and cyber threat intelligence.
- Rod Aday, ModeratorDirector, Information Risk Management, Verizon
Rod Aday is an experienced security professional with many years of experience in information security/cybersecurity, business continuity, operational risk and information technology. As a CISO in the financial services sector, Rod has built Information Security and Business Continuity Programs from the ground up at three different financial institutions, bringing their cybersecurity maturity to the level appropriate for each institution’s risk profile and in-line with regulatory guidance. He was formerly the CISO, Head of Operational Risk and Information Security, for Dexia Credit Local, NY Branch. Rod holds a CISSP certification as well as the concentrations CISSP-ISSAP and CISSP-ISSMP. He is currently pursuing his Masters in Information Security with the University of London, International program.
- Josh HopkinsSenior Analyst, Team Cymru
Now leading the internal S2 research team, Josh has been an analyst with Team Cymru for the past five years leading him to become an expert in counting to 10 and recommencing his work. He specializes in the tracking of infrastructure for a diverse target set that includes both nation state and criminal threat actors. Josh has an extensive background in law enforcement and national security investigations.
- Michael RoytmanChief Data Scientist, Kenna Security (a Cisco company)
Michael Roytman is a recognized expert in cybersecurity data science. At Kenna Security, Michael is responsible for building the company's core analytics functionality focusing on security metrics, risk measurement, and vulnerability measurement.
Named one of Forbes' 30 Under 30, Michael's strong entrepreneurship skills include founding organizations such as Dharma Platform, a cloud-based data management platform, and TruckSpotting, a mobile app for tracking food trucks. He also serves on the board of Cryptomove, a moving target data protection startup. In addition, Michael chairs the Board of Dharma Platform, is a board member and the program director at the Society of Information Risk Analysts (SIRA), and is a co-author of the Exploit Prediction Scoring System (EPSS).
Michael is a frequent speaker at security industry events, including Black Hat, BSides, Metricon, RSA, SIRACon, SOURCE, and more. Michael holds a Master of Science in Operations Research degree from Georgia Institute of Technology.
- Alex HenkesEnterprise Director, Northeast, Pentera
- Patterson CakeDFIR Principal Consultant, Avertium
Patterson has worked in information-technology for more than two decades, focusing on information-security for the past several years, specializing in the development of incident-response teams, programs and processes. Before joining Avertium, he was a Senior Security Consultant for Haven Information Security, a Senior Security Engineer for AWS Managed Services, and has extensive experience in information-security across multiple verticals, from non-profit healthcare to cloud-service providers to financial-service providers. He also teaches for SANS, is a member of the GIAC GPEN advisory board, and is actively involved in the information-security community.
- Stephen ClarkDirector of Cloud Security Sales, Fortinet
Stephen Clark has over 25 years experience in the information security space having spent time at Check Point, Cisco, and Palo Alto Networks. Stephen also spent time working in the security consulting field working primarily with the Fortune 1000.
He is presently the Director of Cloud Security Sales for Fortinet. Today he helps manage and set the direction for cloud security within the Fortinet Sales team. The product portfolio includes Next Generation Firewalls, Web Applications Firewalls, CASB and Containers.
- Mark GalpinHead of Solutions Architecture, Tidelift
As a developer, architect and product manager, Mark Galpin has a passion for making the release process better.
- Rick SalimovSecurity Strategist, Mimecast
- Moderator Marlowe CochranCISO, New York State Department of Education
Marlowe Cochran has been working in the IT field for over 24 years, with 11 plus years in information security roles. He has worked in the federal and state government, health care, not-for-profit, elementary education, and Higher Education sectors in his previous roles. In his current role at the New York State Department of Education, he is the Chief Information Security Officer. Marlowe currently collaborates with external stakeholders, and other NYSED program offices, to lead, manage, and further develop NYSED’s information security program. He is the inhouse consultant for internal and external stakeholders on information security topics and projects. He oversees data risk assessment/management, incident response, the development of policies, procedures, and programs that ensure compliance with all applicable federal and state laws and industry best practices.
- Adam GavishCo-Founder & CEO, DoControl
Adam Gavish is the Co-Founder and Chief Executive Officer of DoControl. Adam brings 15 years of experience in product management, software engineering, and network security. Prior to founding DoControl, Adam was a Product Manager at Google Cloud, where he led ideation, execution, and strategy of Assured Workloads (GovCloud) customer experience serving Fortune 500 customers. Before Google, Adam was a Senior Technical Product Manager at Amazon, where he launched customer-obsessed products improving the payment experience for 300M customers globally. Before Amazon, Adam was a Software Engineer in two successfully acquired startups, eXelate for $200M, and Skyfence for $60M.
- Raj PatelSenior Field Sales Engineer, WithSecure
Raj Patel is a Senior Field Sales Engineer with Finland-based cybersecurity firm, WithSecure. His 20 years of experience leading IT projects has focused on analyzing business requirements and customer goals to deliver enterprise solutions with a focus on cloud and cybersecurity technologies.
- Cary SpearmanSr. Security Consultant, Critical Start
Cary Spearman is a strong advocate for implementing real security and avoiding “security theater. As a graduate of Charleston Southern, Cary started his career in the IT world as a network administrator for a healthcare provider. His initial foray into the world as security was as a firewall admin with a large MSSP. Currently he is Security Consultant for Critical Start.
- Sean RaffettoSr. Account Executive, Hoxhunt
Sean works with organizations across the globe partnering with them to provide tailored Consulting security services enabling security teams to keep up with the rapid pace of change in the cyber threat landscape. With over a decade of experience working with enterprise level solutions, Sean specializes in implementing proactive and defense cyber programs across finance, media, and critical national infrastructure. Sean is a lifelong soccer fan and enjoys staying active by hiking and snowboarding.
- Jared PeckSr. Threat Researcher, Proofpoint
Jared Peck is a Senior Threat Researcher for the Field Facing Threat Research Team at Proofpoint where he focuses on phishing kit research and phishing campaign creation as well as communicating specific threats and the threat landscape to customers. Prior to joining Proofpoint, Jared spent eight years at a Fortune 500 financial services company in several roles including Senior Cyber Threat Intelligence Analyst. Before changing careers to information security, Jared worked in the emergency services field for over 15 years as a firefighter, paramedic, and hospital emergency room technician. Jared holds several SANS certifications including GCTI, GREM, GCIH, and GCIA.
- Moderator: Tracy CaudillChief Commercial Officer, Binary Defense
As Binary Defense Chief Commercial Officer, Tracy Caudill, brings her experience leading complex cybersecurity engagements and building collaborative teams that create customer value and enable long-lasting partnerships across the customer journey. She is responsible for leading Binary Defense’s marketing, sales and customer success strategy to drive business growth and customer centricity.
Prior to Binary Defense, Tracy was Vice President and Head of Delivery Management for Capgemini Americas Cloud and Infrastructure Services where she was responsible for leading delivery of a $200M Projects and Consulting portfolio. In her 20-year career, Tracy has guided the build, management and strategic transformation of security operations for some of the largest companies in the world. She has held multiple leadership positions as part of Lockheed Martin Corporation, Leidos Cyber and Capgemini Americas in the core areas of cybersecurity, program management and business development for Fortune 500 clients as well as the U.S. Air Force, U.S. Navy and Department of Homeland Security.
Tracy holds a Bachelor of Science in Electrical Engineering and a Master of Science in Engineering Management from the University of Southern California. She lives in Alexandria, VA with her husband and two children. Tracy is passionate about giving back to her community and inspiring the next generation of women leaders. She has served as troop leader for the Girl Scout Nation’s Capital Council and is a Sustaining Member of the Junior League of Washington.
- Myriah V. Jaworski, Esq., CIPP/US, CIPP/EMember, Data Privacy & Cybersecurity, Clark Hill Law
Myriah Jaworski is a Member, Data Privacy and Cybersecurity, at Clark Hill Law. She represents clients in data breach actions, technology disputes, and in the defense of consumer class actions and related regulatory investigations stemming from alleged privacy torts and violations of the TCPA, BIPA, IRPA, and other state and federal privacy laws. Myriah also works with clients to devise and implement privacy and security compliance programs and to evaluate and implement new technologies, including enterprise-wide AI and machine learning tools. She is also been recognized as a Super Lawyer® for her Civil Litigation practice in 2018, 2019, 2020, and 2021.
- Jason SilvaSr. Solutions Architect, BeyondTrust
Jason Silva is a Senior Solutions Architect focused on Privilege Access Management (PAM), Identity and Access Management (IAM), and Least Privilege. Jason brings over 25 years of experience in solutions management to BeyondTrust's Privileged Access Management Solutions enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Reporting.
- Rebecca RakoskiCo-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.
Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Glenn KapetanskyChief Security Officer & Technology Lead, Trexin Group
Glenn Kapetansky has a passion for building systems, organizations, and teams, and has done so across a number of business sectors, technologies, and roles. For over 20 years, Glenn has advised senior executives and built teams throughout the delivery cycle: strategy, architecture, development, quality assurance, deployment, operational support, financials, and project planning. His credentials were earned in such diverse industries as healthcare, finance, energy, consumer products, and telecommunications. Glenn's current focus areas—as Senior Principal and Chief Security Officer at Trexin Group—are agile management, data protection, and audit/regulatory compliance.
Glenn speaks and publishes on occasion. He has been named numerous times in various Who's Who, and is a repeat recipient of Bell Labs' Arno Penzias Award for Innovation in the Marketplace. He is active in CIO Roundtables, CISO Chicago, the Chicago Life Sciences Consortium, and the Technology Leaders' Association. Glenn's certifications and memberships include IEEE, ISC2 (CISSP), ISACA (CISA), and ITIL (SM).
- Belinda Enoma, CIPP/USFounder & Strategist, istartandfinish.com
Belinda Enoma is a privacy and cybersecurity consultant with a legal and technology background. She offers virtual privacy and cybersecurity services including risk mitigation solutions and building privacy programs from scratch. She is a writer, corporate trainer, lifestyle strategist, mentor, and coach to women in the cybersecurity and data protection industry. Her published work includes “Data breach in the travel sector and strategies for risk mitigation,” (Journal of Data Privacy and Protection, Volume 3.4, 2020). Belinda is a Certified Information Privacy Professional (CIPP/US) and has an LLM from Benjamin N. Cardozo Law School, New York.
- Louis-David (LD) ManginCEO & Co-Founder, Confiant Inc.
Louis-David ("LD") is CEO and Co-Founder of Confiant, a cybersecurity startup specialized in threats that use digital ads as a cyber-attack vector. With 130+ custom ad tech integrations, Confiant has a unique vantage point to track credential phishing, malware infected software, investment scams, and more! Confiant is the sixth startup LD has been a part of and the second he co-founded. He holds a Bachelors in Computer Science from Boston College, Chestnut Hill, Massachusetts.
- Kristen SpaethSr. Investigator, Global Intelligence, Coinbase
Kristen Spaeth is a Senior Investigator on the Global Intelligence team at Coinbase, where she works on investigations involving criminal matters in coordination with law enforcement partners. Prior to joining Coinbase, she was a Senior Cybercrime Analyst in the Cybercrime and Identity Theft Bureau at the Manhattan District Attorney’s Office. She has been the investigative lead on numerous complex long-term investigations involving identity theft, money laundering, terrorism financing, bank fraud, network intrusions and enterprise corruption.
- Casey McGeeAssistant to the Special Agent in Charge, New York Field Office, U.S. Secret Service
Casey McGee is an Assistant to the Special Agent in Charge in the New York Field Office of the U.S. Secret Service. He leads efforts to increase public and private partnership in the investigation of complex transnational criminal investigations involving the use of digital assets. In an executive developmental role, ATSAIC McGee served as the Advisor to the Vice President of Global Intelligence at Coinbase where he identified opportunities for joint USSS/Coinbase initiatives and partnered with various leaders across both organizations to implement cross functional programs. He holds a Juris Doctor from Vermont Law School and a Bachelor of Science from the University of Notre Dame.
- Greg DunlaveySupervising Investigator, New York County District Attorney's Office
Greg Dunlavey is a Supervising Investigator for the New York County District Attorney. Assigned to the Cybercrime and Identity Theft Bureau, his squad investigates sim swaps, DeFi exploits, and NFT thefts, as well as identity theft, business email compromise schemes and cyberstalking. He has been an Investigator for 12 years, previously serving in the Major Economic Crimes Bureau, and is a Certified Fraud Examiner. He formerly taught the NCFI Digital Currency Course and is a certified instructor in firearms and defensive tactics. He graduated from Colgate University in 2007.
- Moderator: Joe WalshM.A.C.J. Program Director and Assistant Professor of Criminal Justice/Computer Science, DeSales University
Joe Walsh teaches digital forensics and computer security at DeSales University. He previously worked as a senior security consultant where he performed security assessments, conducted penetration testing, and responded to computer security incidents. He has been a police officer for 13 years and is a former member of the ICAC Task Force and the FBI Child Exploitation Task Force, where he was responsible for conducting online undercover investigations and digital forensic examinations. Joe has a bachelor's degree in Information Systems, a master's degree in Criminal Justice/Digital Forensics, a master's degree in Information Systems/Cybersecurity, and is currently pursuing a Ph.D. in Information Systems with a concentration in Cybersecurity.
- Deidre DiamondFounder and CEO, CyberSN and Secure Diversity
Deidre Diamond is the founder and CEO of CyberSN, the largest cybersecurity talent acquisition technology and services firm in the U.S., transforming job searching and hiring for the cybersecurity industry. Standardizing all cybersecurity job functions into a common taxonomy of 45 roles, the CyberSN platform allows professionals to make anonymous, public profiles that match with employer-posted job descriptions using the same taxonomy. This innovation is disruptive and solves a serious national security issue. Deidre’s leadership style combines 25 years of experience working in technology and staffing, her love of the cybersecurity community, and a genuine enthusiasm for people. She has led large-scale sales and operations and built high-performance teams at Rapid7 and Motion Recruitment prior to founding her own organizations. She believes a company-culture established on ‘anything is possible’ attitudes and open communication frameworks, along with positive energy, career advancement, and kindness, enables her teams to have fun at work and reach beyond peak performance. She also encourages the use of EQ (Emotional Intelligence) skills: self-awareness, self-regulation, motivation, social skills, and empathy. Deidre has also founded SecureDiversity.org, a non-profit organization working to raise awareness for, and increase the hiring of, women and underrepresented humans in the cybersecurity workforce. She has also spoken at some of the biggest tech summits, conferences, and podcasts in the world including ISC2 Congress, RSA, ISSA International, and Hacker Halted.
• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
Join us for high-quality, affordable cybersecurity training and networking. Sign up today!