Conference Agenda
  • Tuesday, October 15, 2024
    7:30 am
    Registration open
    Registration Level:
    • Open Sessions
    7:30 am - 4:15 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    8:00 am - 4:30 pm
    Location / Room: Exhibitor Hall

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    8:00 am
    Advisory Council Roundtable Breakfast (VIP / Invite only)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 8:45 am
    Location / Room: Julliard / Imperial

    Moderated discussion for SecureWorld Advisory Council members. By invite only.

    8:00 am
    Managing the Increasing Cyber Attack Surface Area
    Head of Cybersecurity Audit, BNY Mellon
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am
    Location / Room: Alvin / Carnegie

    A company’s perimeter has traditionally been the focus of attack surface management. Over the last few years, this has undergone a radical transformation from third-party vendor connections, contractor access, cloud services, and APIs that connect in various ways to the company’s systems and data.

    Identifying and managing the attack surface is fundamental to protecting the company assets from cyber threats. It is imperative to look beyond the traditional perimeter and ask the right questions to gain visibility into the effective attack surface that must be protected and monitored.

    8:00 am
    How to Make Sure Cybersecurity Is Everyone's Job
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • Open Sessions
    8:00 am - 8:45 am
    Location / Room: Lyceum

    Join CISO Kip Boyle for an eye-opening presentation on building a robust cybersecurity culture throughout your organization. With over two decades of experience as a Chief Information Security Officer, Kip shares practical insights on why cybersecurity isn’t just about technology—it’s about people.

    In this engaging session, you’ll discover:

    • Why a strong cybersecurity culture is crucial for protecting your reputation, saving costs, and preserving management options
    • The four key components of cybersecurity culture and how they interact
    • Practical strategies for cultivating good cybersecurity habits among employees
    • The vital role of supervisors and teams in shaping security culture
    • Real-world success stories, including Liberty Mutual’s “Responsible Defender” program

    Kip breaks down complex concepts into actionable steps, showing you how to make cybersecurity personal and relevant for every member of your organization. You’ll learn how to set clear expectations, encourage both in-role and extra-role behaviors, and create effective incentives for cybersecurity compliance.

    Whether you’re a seasoned IT professional or a business leader looking to enhance your organization’s security posture, this presentation offers valuable insights for everyone. Kip’s approach emphasizes that creating a strong cybersecurity culture takes time, but with the right strategies, you can significantly improve your company’s safety in the digital world.

    Don’t miss this opportunity to learn from a leading expert how to truly make cybersecurity everyone’s job in your organization.

    8:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    8:45 am - 9:00 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    9:00 am
    [Opening Keynote] Failing Forward: Incident Response and the Lessons from Vendor Disruptions
    SVP, CIO, and CISO, OTC Markets Group Inc.
    SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC
    CISO, Author, and Mentor
    Adjunct Professor, NYU; Lecturer, Columbia University
    Registration Level:
    • Open Sessions
    9:00 am - 9:45 am
    Location / Room: Keynote Theater

    In today’s interconnected world, third-party vendor failures can unravel even the best-laid cybersecurity plans. The recent CrowdStrike incident is a prime example of how vendor issues can cause widespread disruptions across industries. But every failure is also an opportunity. This keynote will explore managing and responding to vendor-related incidents effectively and how organizations can “fail forward”—learning from mistakes, refining processes, and emerging stronger. Attendees will learn about turning crisis into a learning opportunity, ensuring that today’s setbacks fuel tomorrow’s resilience.

    This session is essential for leaders looking to build a more adaptive, resilient incident response strategy.

    9:45 am
    Networking Break
    Registration Level:
    • Open Sessions
    9:45 am - 10:15 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    10:15 am
    Evolve Your Cybersecurity Strategy: Staying Ahead of the Curve
    Global CISO, OPKO Health, Inc.
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: Alvin / Carnegie

    Keeping your organization secure in today’s fast-evolving cyber threat landscape requires agility, foresight, and a well-rounded strategy. Join Afzal Khan as he explores the essential components of a robust cybersecurity strategy that aligns with your business objectives. This session will explore redesigning and evolving your security approach to stay ahead of emerging threats while maintaining business agility. Khan will share actionable best practices for building an efficient roadmap, ensuring your organization is reactive and proactive in addressing future risks.

    Attendees will leave with insights into the following:

    • Essential components underpinning your overall security strategy and business agility.
    • Redesign and evolve your cybersecurity strategy to try and stay ahead of the game.
    • Best practices for crafting a security roadmap that supports long-term resilience.
    10:15 am
    The Hitchhiker's Guide to a Cybersecurity Data Program
    VP, Cyber Analytics, BlackRock
    VP, Cyber Observability, BlackRock
    Registration Level:
    • Conference Pass
    10:15 am - 11:00 am
    Location / Room: Lyceum

    Do you want to discover the best practices and tools for a security data program? Do you want some options to help bring value to your security data, make sense of it, and either alert on it or run analytics on it? Do you want to learn more about data tiering and how to efficiently store security data? If you answered yes to any of these questions, then this session is for you. Join us as we take you on a journey through the Cyber Security Data universe, where you will learn how to monitor, measure, and improve your analytics and observability within security.

    10:15 am
    Harnessing Data to Improve the Way You Tackle Asset and Compliance Challenges
    Principal Security Strategist, Splunk
    Registration Level:
    • Open Sessions
    10:15 am - 11:00 am
    Location / Room: Edison

    The modern digital landscape is a complex mix of devices, users, and a wide array of products and applications, all spread across on-prem, cloud, and hybrid environments. In an ever-expanding IoT-driven world, organizations can struggle to keep track of all the assets that make up their business and ensure that each and every one of those assets is secure, up-to-date, and in line with the latest security compliance and regulatory standards.

    Join us as we explore how your organization can enhance your approach to asset discovery and compliance monitoring and redefine how you tackle security investigations and risk management.

    10:15 am
    Advisory Council Roundtable Discussion (VIP / Invite only)
    Exploring Nonhuman Identities in the Digital Age
    Registration Level:
    • VIP / Exclusive
    10:15 am - 11:00 am
    Location / Room: Julliard / Imperial

    While organizations have long prioritized securing human users, non-human identities – like applications, scripts, and automated services – are often overlooked.

    The 2024 Non-Human Identity Security Report from Aembit, based on a survey of over 100 security and IT professionals, uncovers the disparity between human and non-human identity security, and why it’s creating vulnerabilities and breaches in modern infrastructure.

    The report also explores the specific challenges of managing non-human identities and securing software workload access to critical resources. As you’ll learn, given the rapid rise of cloud services, automation, and distributed architectures, the risks are becoming too big to ignore.

    Why Download the Report?

    • Human vs. Non-Human IAM: Understand what’s driving the gaps in prioritizing human vs. non-human identity security – and what it means for your organization’s risk profile.
    • Peer-Driven Data: Responses from over 100 of your peers reveal why and how their organizations are struggling to secure non-human identities with traditional approaches.
    • Actionable Recommendations: Use this data to inform your security strategy with hands-on advice and raise awareness among key stakeholders.

    Dig into the full report (no registration required!) to get a clear view of where non-human identities are slipping through the cracks and the practical steps your team can take to lock down these gaps.

    11:00 am
    Networking Break
    Registration Level:
    • Open Sessions
    11:00 am - 11:10 am
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    11:10 am
    How to Build Trustworthy and Secure AI Systems: Key Frameworks & Vulnerabilities You Need to Know
    Principal | ISO Practice Director | AI Assessment Leader, Schellman
    Managing Director, Penetration Testing Team, Schellman
    Registration Level:
    • Conference Pass
    11:10 am - 11:55 am
    Location / Room: Lyceum

    The advancements of artificial intelligence (AI) have taken both popular culture and almost every industry by storm, due to the technology’s far-reaching abilities to augment human skills and bring safety and efficiency to several areas of our everyday lives. But these systems also bring with them a wealth of challenges, from ethics to security. We must be just as concerned about an organization’s use of AI in critical workflows as we should be about LLMs disclosing sensitive data. How we evaluate these systems’ security, resilience, and robustness will be driven by well-established bedrock principles in both audit and assessments.

    11:10 am
    Mind the Gap: Why Modern Vulnerability Management Demands More than Scan-and-Patch
    Sr. Technical Director, Skybox Security
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: Edison

    Too many vulnerability management programs operate on incomplete or out-of-date scan data. What’s more, this data is rarely if ever correlated to the importance of the asset or its exposure to potential attack across the network.

    To have a real impact on lowering your risk of cyberattack, a modern vulnerability management program needs to provide you with an up-to-the-minute view of all the vulnerabilities in the estate, immediate insights into those that matter to your organization, and how to remediate them. All without waiting for the next patch cycle.

    In this session, you will learn:

    • How the visibility of your assets, networks, business, and security data impacts vulnerability risk.
    • What scanners miss in discovery and prioritization, and how to fill in the gaps.
    • How to reduce the scan-and-patch lag from weeks to hours.

    This session explores how modern vulnerability management helps you to centralize and analyze data from the entire attack surface, prioritize those threats that represent the highest risk to you, and act more quickly to remediate those vulnerabilities most likely to be used in a cyberattack.

    11:10 am
    [Panel] Unveiling the Threat Landscape and Unmasking Digital Villains
    CTO, Morphisec
    PreSales Engineer, Netwrix
    VP, Cybersecurity, Neovera
    SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC
    Registration Level:
    • Open Sessions
    11:10 am - 11:55 am
    Location / Room: Alvin / Carnegie

    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    12:00 pm
    [Lunch Keynote] Who You Vote for Is Your Business; Supporting Your Local Election Workers Is Ours
    Regional Director, Region 2, DHS CISA
    Registration Level:
    • Open Sessions
    12:00 pm - 12:45 pm
    Location / Room: Keynote Theater

    Session description coming soon.

    12:00 pm
    Advisory Council Roundtable Lunch (VIP / Invite only)
    Beyond the Hype: Practical Strategies for Governing Generative AI in the Enterprise
    Director, KMicro Tech
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 12:45 pm
    Location / Room: Julliard / Imperial

    In the session Beyond the Hype: Practical Strategies for Governing Generative AI in the Enterprise, we will examine Gartner’s ‘Hype Cycle for Artificial Intelligence’ and its implications for organizations navigating the evolving AI landscape. The discussion will explore where enterprises currently stand in their AI journey and provide insights into the practical governance and security measures needed to effectively manage generative AI in real-world applications.

    12:45 pm
    Networking Break
    Registration Level:
    • Open Sessions
    12:45 pm - 1:15 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    1:15 pm
    Privacy for All: Empowering Security Professionals in an Evolving Regulatory Landscape
    Founder & Managing Attorney, Avant-Garde Legal, P.C.
    Registration Level:
    • Conference Pass
    1:15 pm - 2:00 pm
    Location / Room: Lyceum

    In an era of rapidly evolving privacy regulations, security professionals face unprecedented challenges in safeguarding data. This session delves into practical strategies for implementing robust privacy practices.

    1:15 pm
    Lift and Shift Is Dead: Embrace Cloud Native Security Mindset
    CEO, Stream Security
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: Edison

    The most significant barrier to securing the cloud is the “lift and shift” approach, where traditional, on-premises security practices are applied to cloud environments. This method overlooks the dynamic nature of the cloud, leaving organizations vulnerable to evolving threats.

    In this session, we’ll discuss the core principles of the cloud and how to adopt a cloud-native security approach aligned with these principles. Attendees will learn strategies to move beyond the lift-and-shift mindset, better protect their cloud environments, and change . Join us to discover how to fully leverage the cloud’s potential for agility, scalability, and resilience.

    1:15 pm
    [Panel] Elevating Security Through Threat Intelligence, Cloud Resilience, and AI Innovations
    Director, Americas Security Solutions Engineering, Dynatrace
    CEO, Envision Technology Advisors
    Managing Director, Strategic Advisory Group, SentinelOne
    Global CISO, OPKO Health, Inc.
    Registration Level:
    • Open Sessions
    1:15 pm - 2:00 pm
    Location / Room: Alvin / Carnegie

    Staying ahead requires a proactive and multifaceted approach in an era of increasingly sophisticated cyberattacks. This expert panel will explore how organizations can elevate their cybersecurity posture by leveraging advanced threat intelligence, building cloud resilience, and integrating AI-driven innovations.

    Discover how threat intelligence is evolving to offer more predictive and actionable insights, how cloud resilience strategies are vital for safeguarding critical infrastructure, and how cutting-edge AI tools can automate detection, response, and even decision-making in the fight against emerging threats.

    Join us for an in-depth discussion on how these critical components work together to form a stronger, smarter, and more adaptive security ecosystem.

    2:00 pm
    Networking Break
    Registration Level:
    • Open Sessions
    2:00 pm - 2:10 pm
    Location / Room: Exhibitor Hall

    Visit the Exhibitor Hall to network with attendees and connect with our vendor sponsors and association partners.

    2:10 pm
    Tales from the Crypt: CIS Controls Version 8
    CIO, Mandelbaum Barrett PC
    Registration Level:
    • Conference Pass
    2:10 pm - 2:55 pm
    Location / Room: Lyceum

    In today’s rapidly evolving cyber threat landscape, businesses of all sizes face increasing challenges in safeguarding their critical assets and maintaining compliance with regulatory requirements. The Center for Internet Security (CIS) Version 8 Controls provide a comprehensive framework designed to enhance an organization’s cybersecurity posture. This presentation aims to offer businesses practical guidance and real-world insights into implementing CIS V8 Controls, leveraging the expertise of a seasoned enterprise consultant.

    Attendees will gain an understanding of the foundational principles of CIS V8 Controls, including how to prioritize and implement these controls effectively within their organizations. The presentation will cover key topics such as risk assessment, asset management, access control, and incident response. Real-world case studies will be shared to illustrate common challenges and successful strategies for overcoming them.

    By the end of this session, business leaders and IT professionals will be equipped with actionable steps to enhance their cybersecurity defenses, mitigate risks, and ensure compliance. This presentation is ideal for organizations seeking to strengthen their security framework with proven methods and expert guidance.

    Join us to learn how to navigate the complexities of cybersecurity with confidence and protect your business from emerging threats using the CIS V8 Controls.

    Key Takeaways:

    • Prioritization and Implementation Strategies: Attendees will learn how to effectively prioritize and implement the CIS V8 Controls within their organizations, ensuring that critical security measures are addressed first to maximize impact and resource efficiency.
    • Real-World Case Studies and Practical Insights: Through real-world case studies and the consultant’s extensive experience, participants will gain practical insights into common challenges and successful approaches to applying the CIS V8 Controls in diverse business environments.
    • Actionable Steps for Enhanced Cybersecurity: The session will provide clear, actionable steps for businesses to enhance their cybersecurity posture, mitigate risks, and achieve compliance with regulatory standards, empowering them to confidently protect their critical assets against evolving cyber threats.
    2:10 pm
    Keeping Secrets Out of Logs
    Staff Security Engineer, Vanta
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: Edison

    Leaking secrets in application logs has happened to many companies and is a notoriously frustrating problem for security engineers to solve. There’s no silver bullet for keeping secrets out of logs, but we can use a few “lead bullets” to provide defense-in-depth at key points. This session covers concrete, actionable patterns and tools to help you keep secrets out of logs.

    2:10 pm
    [Panel] Beyond the Shadows: Anticipating Tomorrow's Cyber Threats
    Co-Founder & CPO, Linx Security
    VP, Third-Party Risk, Panorays
    MySQL Principal Solution Engineer, Oracle
    Director, Advanced Threat Intelligence, Fortinet
    VP, Cybersecurity Solutions, Myriad360
    Head of Cybersecurity Audit, BNY Mellon
    Registration Level:
    • Open Sessions
    2:10 pm - 2:55 pm
    Location / Room: Alvin / Carnegie

    In the dynamic realm of cybersecurity, the battle between defenders and digital villains is an ongoing saga. This forward-looking session will explore the evolution of cyber threats, forecasting the next wave of challenges that organizations and individuals may face. We aim to unmask the upcoming generation of digital villains, examining their sophisticated tactics and the exploitation of vulnerabilities that may become prevalent in the future.

    Our distinguished panel of cybersecurity experts will dissect the motivations driving these threats, from the ever-adapting strategies of profit-driven cybercriminals to the evolving techniques employed by state-sponsored actors wielding cyberweapons. As we peer into the future, we will also address the role of emerging technologies in reshaping the threat landscape, providing insights that empower organizations to proactively defend against tomorrow’s cyber challenges.

    Join us in this exploration of the unseen, as we strive to anticipate and understand the threats that lie beyond the shadows of the current cybersecurity landscape.

    2:10 pm
    Advisory Council Roundtable Discussion (VIP / Invite only)
    Incident Response in the Age of Ransomware
    VP, Cybersecurity, Neovera
    Registration Level:
    • VIP / Exclusive
    2:10 pm - 2:55 pm
    Location / Room: Julliard / Imperial

    Ransomware continues to evolve as one of the most pervasive and damaging cyber threats, putting organizations under increasing pressure to respond effectively. In this closed-door roundtable, members of the SecureWorld Advisory Council will engage in an in-depth conversation about the challenges and strategies in responding to ransomware attacks.

    Participants will explore key areas, including preparedness, communication, legal and regulatory considerations, vendor collaboration, and the balance between containment and recovery. The goal is to share actionable insights that will shape future incident response plans and strengthen organizational resilience in the face of escalating ransomware threats.

    3:00 pm
    Networking Break and Dash for Prizes
    Registration Level:
    • Open Sessions
    3:00 pm - 3:30 pm
    Location / Room: Exhibitor Hall

    Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

    Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

    2:45 pm
    Happy Hour
    Sponsored by Pure Storage
    Registration Level:
    • Open Sessions
    2:45 pm - 3:45 pm
    Location / Room: Exhibitor Hall

    Join your peers for conversation and complimentary hors d’oeuvres and beverages. This is a great opportunity to network with other security professionals from the area, and to discuss the hot topics from the day.

    3:30 pm
    DevSecOps: Building Security into Every Line of Code
    CISO, Therapy Brands
    Registration Level:
    • Conference Pass
    3:30 pm - 4:15 pm
    Location / Room: Alvin / Carnegie

    In today’s fast-paced development environments, integrating security into the DevOps pipeline is no longer optional—it’s essential. This session will explore how security can be seamlessly embedded throughout the development lifecycle, transforming DevOps into DevSecOps. Join us as we discuss key strategies for reducing vulnerabilities, automating security checks, and fostering a culture of collaboration between development, operations, and security teams.

    You’ll learn practical steps to shift left, ensure continuous security monitoring, and enhance resilience without slowing down innovation. Whether you’re a developer, security professional, or IT leader, this session will equip you with the tools and insights needed to secure your organization’s software from the inside out.

    3:30 pm
    Honey, I Shrunk the Course: A Micro Approach to Cybersecurity Training
    Global Head of Cyber Training & Awareness, BlackRock
    VP, Cyber Administration, BlackRock
    Registration Level:
    • Conference Pass
    3:30 pm - 4:15 pm
    Location / Room: Keynote Theater

    Are annual cybersecurity training reminders often met with a collective sigh across your organization? Imagine transforming that reaction with tailor-made educational modules that align with your company’s security policies, leveraging the power of micro-learning. Research suggests that training in small, digestible segments can significantly boost retention, keeping cybersecurity at the forefront of your team’s mind all year round and addressing the human risk factor of cyber breaches.

    Join Titus Bickel and Adam Mullins as they delve into their journey of revolutionizing BlackRock’s cybersecurity awareness training. They’ll share insights on their implementation, the hurdles they overcame, and the triumphs they celebrated. Discover how a well-rounded strategy, combining phishing simulations, targeted campaigns, role-specific training, interactive virtual sessions, and bite-sized digital courses, can meet your employees where they are, transforming cybersecurity training into an engaging—and yes, even enjoyable—part of their annual learning journey.

    3:30 pm
    Engaging with and Driving Innovation in the Cybersecurity Startup Ecosystem
    Managing Partner, Holly Ventures
    Registration Level:
    • Open Sessions
    3:30 pm - 4:15 pm
    Location / Room: Edison

    Security buyers are often inundated with requests from startups to engage in various ways, making it difficult to separate the signal from the noise. What are these startups looking for from the security community, and how can security executives and practitioners best leverage their roles to mitigate risk within their organizations, contribute to the broader cybersecurity discussion, and further their careers in an ever-changing industry? This talk will include a survey of the cybersecurity venture capital world, as well as the variety of ways that security buyers can contribute to and benefit from the complex and innovative worlds of startups and venture capital.

  • Wednesday, October 16, 2024
    9:00 am
    [PLUS Course] Implementing the NIST Cybersecurity Framework, Including 2.0
    vCISO, Cyber Risk Opportunities LLC
    Registration Level:
    • SecureWorld Plus
    9:00 am - 3:00 pm
    Location / Room: Jolson, 9th floor

    Have you ever wondered how to actually use the NIST Cybersecurity Framework and apply it to your business or organization?

    In this course, you will get an inside look at how cybersecurity, information technology (IT), and business professionals use the NIST Cybersecurity Framework (CSF) Version 2.0 to understand and actively manage their risk posture.

    You will begin by learning the fundamentals of the NIST Cybersecurity Framework, including:

    • What are the components of the framework?
    • Why is the framework valuable?
    • What type of organizations can use the framework?

    Then, you will dive deeper into the framework to fully understand the Framework Core, the Framework Tiers, and the Framework Implementation Profile.

    You will also review various case studies from diverse organizations across the globe, including critical infrastructure organizations, technology companies, governmental organizations, and others.

    Finally, we will spend the majority of this course walking you through how to implement this framework within your own organization by conducting a Cyber Risk Mapping (CR-MAP). This CR-MAP of your organization will aid you in identifying your weaknesses and creating a remediation plan to achieve higher levels of security by minimizing your cyber risk.

    We even include a free bonus digital workbook that helps you conduct a step-by-step Cyber Risk Mapping at the conclusion of the course.

Exhibitors
  • Aembit
    Booth: 260

    Aembit is the Identity and Access Management Platform that lets DevOps and Security teams manage, enforce, and audit access between federated workloads. Aembit provides seamless and secure access from your workloads to the services they depend on, like APIs, databases, and cloud resources, while simplifying application development and delivery.

  • Arista Networks
    Booth: 330

    Arista Networks was founded to pioneer and deliver software-driven cloud networking solutions for large data center storage and computing environments. Arista’s award-winning platforms, ranging in Ethernet speeds from 10 to 100 gigabits per second, redefine scalability, agility and resilience. Arista has shipped more than 15 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Committed to open standards, Arista is a founding member of the 25/50GbE consortium. Arista Networks products are available worldwide directly and through partners.

  • Black Duck
    Booth: 290

    Black Duck® offers the most comprehensive, powerful, and trusted portfolio of application security solutions in the industry. We have an unmatched track record of helping organizations around the world secure their software quickly, integrate security efficiently in their development environments, and safely innovate with new technologies. As the recognized leaders, experts, and innovators in software security, Black Duck has everything you need to build trust in your software. Learn more at www.blackduck.com.

  • Concentric AI
    Booth: 300

    Concentric AI delivers data risk assessment, monitoring, and protection for corporate data.

  • Corelight
    Booth: 340

    Corelight makes powerful network security monitoring solutions that transform network traffic into rich logs, extracted files, and security insights for incident responders and threat hunters. Corelight Sensors run on open-source Zeek (formerly called “Bro”) and simplify Zeek deployment and management while expanding its performance and capabilities. https://www.corelight.com

  • Delinea
    Booth: 100

    Delinea is a leading provider of privileged access management (PAM) solutions that make security seamless for the modern, hybrid enterprise. Our solutions empower organizations to secure critical data, devices, code, and cloud infrastructure to help reduce risk, ensure compliance, and simplify security. Delinea removes complexity and defines the boundaries of access for thousands of customers worldwide. Our customers range from small businesses to the world’s largest financial institutions, intelligence agencies, and critical infrastructure companies.

  • Dynatrace
    Booth: 130

    Dynatrace (NYSE: DT) exists to make the world’s software work perfectly. Our unified software intelligence platform combines broad and deep observability and continuous runtime application security with the most advanced AIOps to provide answers and intelligent automation from data at enormous scale. This enables innovators to modernize and automate cloud operations, deliver software faster and more securely, and ensure flawless digital experiences. That is why the world’s largest organizations trust the Dynatrace® platform to accelerate digital transformation.

  • Envision Technology Advisors
    Booth: 140

    Envision Technology Advisors is a business and technology consultancy specializing in Digital Transformation, Cybersecurity, Business Continuity, Infrastructure Consulting, Web Design and Development, and much more. With offices in Rhode Island and the Boston area, Envision serves clients throughout New England and beyond.

  • Fortinet
    Booth: 180

    Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network—today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

  • HUGHES
    Booth: 350

    Hughes Managed Cybersecurity offers comprehensive network security solutions tailored to your specific needs. As an MSSP, we provide customizable controls including MDR, Ransomware & Zero-day Prevention, SOC-as-a-service, UTM, SIEM, and more. Our Managed SASE combines SD-WAN and SSE for secure access, zero trust, and data protection. Choose from fully managed or self-service options to fit your organization’s needs. Our team of experts can provide tailored guidance and support to help you achieve your security goals, including compliance with industry standards and regulations. We prioritize business outcomes such as ease-of-use, peace of mind, and customer satisfaction.

  • InfraGard New York Metro
    Booth: TBD

    The New York City Metro InfraGard Members Alliance (NYM-IMA) is a local program of the INMA. The New York Metro InfraGard Chapter holds regular meetings and provides members with a forum for information sharing within a secure environment, while focusing on protecting the critical infrastructure of New York City and surrounding areas.

    Members Alliances are part of a national network of FBI-vetted volunteers who are critical infrastructure SMEs in one or more sectors. The network provides a trusted forum for the real-time exchange of information, training and expertise related to the protection of critical infrastructure and key resources from both physical and cyber threats.

  • ISACA New York Metropolitan Chapter
    Booth: TBD

    Our Mission: As a leading ISACA chapter, our mission is to serve our membership by providing world-class training, networking opportunities, and guidance while contributing to the profession both locally and internationally. Today, ISACA is a worldwide organization with over 200 chapters and the New York Metropolitan Chapter has grown to be one of the largest ISACA chapters in the world.

    Our Membership: The New York Metropolitan Chapter has over 3,800 members, from the information systems audit/assurance, information security, IT risk management, and governance professions. Our members represent a wide array of industries including financial services, accounting and consulting, legal services, education, entertainment, health care, retail, public utilities, and government/regulatory entities – and hold positions ranging from entry level staff to senior management.

  • ISC2 New York City & Long Island
    Booth: TBD

    ISC2 is based out of Palm Harbor, Florida and consists of over 80,000 members worldwide. Our chapter program provides members a forum to facilitate the exchange of knowledge and ideas, development of leadership and professional skills, and advancement of information systems security. We also provide our members with access to a variety of industry resources and educational programs to keep our members informed of the latest advances in technology and techniques.

    Membership
    Our members consist of ISC2 credentialed professionals who hold an SSCP, CAP, CSSLP, and/or CISSP or advanced concentration certification. Our chapter program is focused on sharing knowledge and exchanging ideas among security professionals in the local area. Ultimately, we want to advance the field of information security by educating practitioners and the public at large on how to protect and defend against security threats. To learn more about the benefits of becoming a Chapter Member, visit our Membership page.

  • Keysight
    Booth: 275

    Keysight’s portfolio of network security solutions simulates threats, eliminates blind spots, and takes control of a rapidly changing attack surface. Be a hero, not a headline, by proving your network is secure: simulate attacks, expose gaps early, and course-correct with step-by-step fixes; protect users and applications with increased efficiency, performance, and reliability of your security systems; patrol every packet, eliminating vulnerable blind spots and decrypting threats hiding in SSL traffic; and practice your cyber skills, enhancing your security and attack response skills against real-world threats.

  • KMicro Tech, Inc.
    Booth: 150

    KMicro Tech Inc. provides a suite of scalable IT managed services combining streamlined cloud and on premise solutions that are specific to the needs of our enterprise customers. We enable our clients to focus on their business and not IT. We do that by working closely with our clients to understand their business and help them navigate through information technology so their companies are positioned to thrive in today’s competitive marketplace.

  • Linx Security
    Booth: 320

    The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle. A radical departure from legacy identity security solutions, Linx untangles the complex, ever-evolving web of identity security. Integrating smoothly with your IAM stack, Linx pulls together all your organization’s identity data—organizing it neatly to reveal the hidden links between your employees, their digital identities, and the apps, software, platforms, and programs they have access to. Enabling you to continuously reduce your identity attack surface and swiftly close gaps in compliance.

  • Magna5
    Booth: 250

    Magna5 provides managed IT services, cybersecurity, private and public cloud hosting, backup and disaster recovery and other advanced IT services to mid-market and enterprise customers, including leaders within the education, healthcare, government, financial services, manufacturing, and other industry segments. Headquartered in Pittsburgh, PA, Magna5 has customers nationally. Magna5 is a NewSpring Holdings platform company.

  • Morphisec
    Booth: 200

    Morphisec is the world leader in providing advanced security solutions for midsize to small enterprises around the globe. We simplify security and can automatically block modern attacks from the endpoint to the cloud. Unlike traditional security solutions relying on human intervention, our solutions deliver operationally simple, proactive prevention. We protect businesses around the globe with limited security resources and training from the most dangerous and sophisticated cyber attacks.

  • Myriad360
    Booth: 210

    Technology holds infinite potential for your business. And we’re here to unlock it.

    As a global systems integrator, Myriad360 strives to go beyond being a service provider, vendor, or consultant. We will become an extension of your team and your strategic ally in the relentless pursuit of technological advancement.

    The world is changing rapidly, with advancements in cloud services, AI solutions, cybersecurity, hardware procurement, and data center modernization. At Myriad360, we offer the expertise you need to drive innovation in your business at unparalleled speeds.

    Our clients include industry pioneers, marketplace game-changers, and technology visionaries. They are the doers, the creators, the innovators. They chose Myriad360 because they needed a world-class partner to transform their ideas into reality on a global scale.

  • Neovera
    Booth: 215

    Neovera is the trusted advisor that provides full cybersecurity and cloud services to enterprises with complex challenges and demanding regulatory requirements. Businesses globally rely on Neovera to expertly design, build, secure, and manage their mission-critical business infrastructure backed by its deep expertise in cybersecurity and cloud domains.

  • Netwrix
    Booth: 190

    Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact.
    More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

  • Okta
    Booth: 280

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • Ontinue
    Booth: 270

    As a leading provider of AI-powered managed extended detection and response (MXDR) services, Ontinue is on a mission to be the most trusted security partner that empowers customers to embrace and accelerate digital transformation by using AI to operate more at scale, and with less risk. The combination of AI and human expertise is essential for delivering effective managed security that is tailored to a customer’s unique environment, operational constraints, and risks. Our MXDR service combines powerful proprietary AI with the industry’s first collaboration with Microsoft Teams to continuously build a deep understanding of our customers’ environments, informing how we prevent, detect, and respond to threats. Our Microsoft expertise allows customers to achieve these outcomes with the Microsoft Security tools they already own. The result is highly localized managed protection that empowers security teams to be faster, smarter, and more cost efficient than ever before.

  • Opal Security
    Booth: 255

    Opal Security’s platform helps security teams achieve and manage least privileged access across complex enterprises. Managing access becomes straightforward with Opal, integrating a continuous security workflow into identity management to detect, prioritize, and mitigate risky access and privileges. Organizations can significantly reduce their attack surface and minimize the impact of potential breaches.

  • OWASP – New York City
    Booth: TBD

    OWASP Foundation is a 501(c)3 Not for Profit association with local and global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button.

  • MySQL
    Booth: 240

    MySQL Enterprise Edition includes the most comprehensive set of advanced features, management tools and technical support to achieve the highest levels of MySQL scalability, security, reliability, and uptime. It reduces the risk, cost, and complexity in developing, deploying, and managing business-critical MySQL applications.

  • Panorays
    Booth: 205

    Panorays is a leading provider of innovative third-party security risk management solutions, helping organizations worldwide manage their vendor risk effectively and efficiently. Through its AI-powered platform, Panorays transforms the TPRM process, providing a comprehensive and secure solution for both vendors and evaluators. The company’s commitment to innovation and excellence makes it the trusted choice for TPRM needs across various industries.

  • Pure Storage, Inc.
    Booth: 230

    Pure Storage is pioneering a new class of enterprise storage that has been designed from the ground up to take full advantage of flash memory. The company’s products accelerate random I/O-intensive applications like server virtualization, desktop virtualization (VDI), database (OLTP, rich analytics/OLAP, SQL, NoSQL), and cloud computing.

    Pure Storage makes it cost-effective to broadly deploy flash within the data center, enabling organizations to manage growth within existing power and space constraints. Launching later this year, the company’s products are in private beta with select customers. Pure Storage is funded by Greylock Partners and Sutter Hill Ventures.

  • Rapid7
    Booth: 120

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • Robert Half
    Booth: 265

    Robert Half, the world’s first and largest specialized talent solutions firm, connects opportunities at great companies with highly skilled job seekers. We offer contract, temporary and permanent placement solutions for roles in finance and accounting, technology, marketing and creative, legal, and administrative and customer support. Named to Fortune’s World’s Most Admired Companies and 100 Best Companies to Work For® lists and a Forbes Best Employer for Diversity, Robert Half is the parent company of Protiviti®. Robert Half is traded on the New York Stock Exchange (symbol: RHI) and is a member of the S&P 500 index.

  • SentinelOne
    Booth: 110

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Skybox Security
    Booth: 220

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 170

    Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.

  • Stream Security
    Booth: 160

    Posture-aware Cloud Detection and Response.
    Address critical cloud risks with real-time change and behavior impact analysis. Get automated detection, triage, and investigation fused with the entire attack surface context.

  • Sumo Logic
    Booth: 310

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • ThreatLocker
    Booth: 195

    ThreatLocker® is a global cybersecurity leader, providing enterprise-level cybersecurity tools to improve the security of servers and endpoints. ThreatLocker’s combined Application Whitelisting, Ringfencing™, Storage Control, and Privileged Access Management solutions are leading the cybersecurity market towards a more secure approach of blocking unknown application vulnerabilities. To learn more about ThreatLocker visit: www.threatlocker.com

  • Vanta
    Booth: 225

    Vanta is the leading trust management platform that helps simplify and centralize security for organizations of all sizes. Thousands of companies rely on Vanta to build, maintain and demonstrate trust in a way that’s real-time and transparent. Founded in 2018, Vanta has customers in 58 countries with offices in Dublin, New York, San Francisco and Sydney.

  • WiCyS NY Metro Affiliate
    Booth: TBD

    Women in CyberSecurity (WiCyS) NY Metro Chapter was established in 2019 to promote engagement, encouragement and support for women in cybersecurity throughout NY, NJ, and CT. We are the local chapter of the premier organization with national reach dedicated to bringing together women and allies in cybersecurity from academia, research and industry to share knowledge, experience, networking and mentoring. Once a month, people in the information security community gather to discuss the latest trends in the industry and forge connections with other individuals in the community.

  • ZeroFox
    Booth: 245

    Using diverse data sources and artificial intelligence-based analysis, the ZeroFox Platform identifies and remediates targeted phishing attacks, credential compromise, data exfiltration, brand hijacking, executive and location threats and more. The patented ZeroFox SaaS technology processes and protects millions of posts, messages and accounts daily across the social and digital landscape, spanning LinkedIn, Facebook, Slack, Twitter, Instagram, Pastebin, YouTube, mobile app stores, the deep & dark web, domains, email and more.

    Led by a team of information security and high-growth company veterans, ZeroFox has raised funding from NEA, Highland Capital, Intel Capital, Hercules Capital and others, and has collected top industry awards such as Red Herring Top 100 North America, the SINET16 Champion, Dark Reading’s Top Security Startups to Watch, Tech Council of Maryland’s Technology Company of the Year and the Security Tech Trailblazer of the Year.

Keynote Speakers
Speakers
  • Peter Bassey
    Head of Cybersecurity Audit, BNY Mellon

    Senior Cyber Security, Technology Risk and Audit Professional with over 18 years of result-oriented experience in financial services and manufacturing focused on Cyber Security, Technology Risk Management, Third Party Risk Management and IT Audits. Problem solver with proven ability for team building, process enhancements, professional mentoring, and enhancing team value to the business. Cyber Security thought leader and speaker at CISO/Security Conferences.

  • Kip Boyle
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

  • Vlad Brodsky
    SVP, CIO, and CISO, OTC Markets Group Inc.

    Vlad Brodsky serves as the Senior Vice President, Chief Information Officer, and Chief Information Security Officer at OTC Markets Group, a regulated publicly traded financial institution that operates the world’s largest OTC equity electronic marketplace. In this role, Vlad leads the firm's information security strategy, program, and processes, while also overseeing IT operations and infrastructure. With expertise in Information Security, Risk Management, IT Infrastructure Management, and Financial Services, Vlad brings a wealth of knowledge to the organization. Additionally, Vlad is an Advisor at Pellonium, a continuous and comprehensive Risk Management Platform.

  • Arlenee Lopez-Ferguson
    SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC

    Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

    She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

    Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

  • Matthew Webster
    CISO, Author, and Mentor

    Matthew Webster's IT and cybersecurity journey began in 1997, quickly rising through the ranks at a university computer center. Soon, he was navigating federal cybersecurity at the Center for Medicare and Medicaid Services, mastering frameworks like NIST SP 800-53 and IRS 1075. This rigorous environment, with up to 8 audits annually, prepared him for his first CISO role at Healthix, where he built the cybersecurity program from the ground up, using frameworks like SOC 2 and HITRUST to protect millions of records.

    Matthew holds a Master's degree and more than 20 industry certifications, including CISSP, CISA, and CRISC. He stays up-to-date by attending key industry events like RSA and HIMSS, ensuring he’s well-versed in the latest threats and solutions.

    In addition to his CISO roles, he spent years in cybersecurity sales, gaining invaluable insights from evaluating hundreds of products. This unique experience gives him a sharp understanding of both organizational needs and the capabilities of cutting-edge security tools.

    Matthew bridges the gap between innovation and regulation, bringing a balanced and insightful approach to building secure, compliant programs and implementing advanced solutions.

  • Mike Wilkes
    Adjunct Professor, NYU; Lecturer, Columbia University

    Senior professional with broad experience designing, building and securing high-availability mission critical infrastructures for the infosec, financial services, energy, healthcare, travel, media and retail sectors.

  • Afzal Khan
    Global CISO, OPKO Health, Inc.

    Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

  • Chris Jennings
    VP, Cyber Analytics, BlackRock
  • Matthew Jochym
    VP, Cyber Observability, BlackRock
  • Dimitri McKay
    Principal Security Strategist, Splunk

    Dimitri McKay is a Principal Security Strategist and CISO Advisor for Splunk with 20+ years of infosec experience, ranging from penetration testing and vulnerability assessment work to security program creation and maturation. His role today focuses on all aspects of security: people, process, and technology, and he has a breadth of knowledge built upon years of customer engagements in the Fortune 500. Dimitri McKay has held a list of positions in the security space through his twenty-five plus years of working with Fortune 500 companies in and around security best practices, program maturity and design. His education began at Harvard University and continued with a number of acronymed certifications. He is an avid public speaker, author and proponent for security best practices, compliance and risk reduction. Currently he’s a Principal Security Strategist for Splunk. Prior to that he did penetration testing and vulnerability assessment consulting work. You can follow Dimitri on X (Twitter) @Dimitri McKay.

  • Mario Duarte, Moderator
    CISO, Aembit

    Mario has 20+ years of experience as a security professional working in the tech, retail, health care, and financial sectors. He has built and managed security teams and developed and implemented security programs for private and public organizations. He serves as an advisory board member at several cybersecurity companies as well as an investor for early stage startups in the cybersecurity space.

  • Danny Manimbo
    Principal | ISO Practice Director | AI Assessment Leader, Schellman

    Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for leading Schellman's AI and ISO practices as well as the development and oversight of Schellman's attestation services. Danny has been with Schellman for 10 years and has over 13 years of experience in providing information security and data privacy audit and compliance services. Danny has achieved the following certifications relevant to the fields of accounting, auditing, and information systems security and privacy: Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certificate of Cloud Security Knowledge (CCSK), and Certified Information Privacy Professional – United States (CIPP/US).

  • Josh Tomkiel
    Managing Director, Penetration Testing Team, Schellman

    Josh Tomkiel is a Managing Director on Schellman’s Penetration Testing Team based in the Greater Philadelphia area with over a decade of experience within the Information Security field. He has a deep background in all facets of penetration testing and works closely with all of Schellman's service lines to ensure that any penetration testing requirements are met. Having been a penetration tester himself, he knows what it takes to have a successful assessment. Additionally, Josh understands the importance of a positive client experience and takes great care to ensure that expectations are not only met but exceeded.

  • Dr. Howard Goodman
    Sr. Technical Director, Skybox Security

    Howard Goodman, with a distinguished career spanning two decades, has emerged as a pivotal figure in cybersecurity, seamlessly integrating strategic planning with hands-on cybersecurity applications across numerous sectors. His significant contributions to organizations like Skybox Security highlight his prowess in navigating through the intricate realms of cybersecurity. He is a U.S. Navy veteran and holder of a Ph.D. in Cyber Operations, specializing in meticulously formulating and implementing security strategies.

    Throughout his journey, he has consistently demonstrated a steadfast ability to deliver tangible results, adeptly crafting strategies while precisely evaluating the risks, issues, and benefits of long-term initiatives. His unique talent lies in skillfully communicating complex technical concepts to both senior executives and non-technical stakeholders, ensuring a thorough understanding of the projects and strategies under his leadership. Dr. Goodman's trajectory in the field reveals a leader who not only navigates through the complexities of the digital and cybersecurity domain but also stands as a reliable guide, ensuring strategic and secure operations in all his endeavors.

  • Michael Gorelik
    CTO, Morphisec

    Morphisec CTO Michael Gorelik leads the malware research operation and sets technology strategy. He has extensive experience in the software industry and leading diverse cybersecurity software development projects. Prior to Morphisec, Michael was VP of R&D at MotionLogic GmbH, and previously served in senior leadership positions at Deutsche Telekom Labs. Michael has extensive experience as a red teamer, reverse engineer, and contributor to the MITRE CVE database. He has worked extensively with the FBI and US Department of Homeland Security on countering global cybercrime. Michael is a noted speaker, having presented at multiple industry conferences, such as SANS, Gartner, DefCon, RSA, and GovWare. Michael holds BSc and MSc degrees from the Computer Science department at Ben-Gurion University, focusing on synchronization in different OS architectures. He also jointly holds seven patents in the IT space.

  • Daniel McLaughlin
    PreSales Engineer, Netwrix

    With over eight years of experience at Netwrix, Dan McLaughlin currently serves as the Solutions Engineering Team Lead, where he leverages his extensive knowledge in Data, Identity, and Infrastructure. Prior to this role, Dan honed his skills in post-sales and product management, ensuring that clients achieve optimal security solutions tailored to their needs. Passionate about safeguarding data and enhancing security practices, Dan is committed to driving innovation and excellence in the field of cybersecurity.

  • Paul Underwood
    VP, Cybersecurity, Neovera

    Paul has more than 30 years of experience working in the information security space, including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the '90s, working on public key cryptography and using hardware security modules to create trusted root certificates for browsers, including the first Entrust root certificate to be published in a browser. His experience has made him a knowledgeable and experienced trusted security advisor for many Fortune 500 customers over the years.

  • Arlenee Lopez-Ferguson, Moderator
    SVP & CISO, Pendulum Holdings, LLC; CISO, MarcyPen Capital Partners, LLC

    Arlenee Lopez-Ferguson is a dynamic cybersecurity professional with proven expertise in strategizing, developing, and leading change across organizations.

    She is currently the Chief Information Security Officer at Pendulum Holdings, LLC, a strategic investment and advisory platform that seeks to accelerate opportunity and value creation for founders and leaders of color. Prior to Pendulum, she served as the CISO and Compliance Administration Manager at Summit Trail Advisors, LLC, a Registered Investment Advisory firm. At Summit Trail, Ms. Lopez-Ferguson was responsible for the governance and oversight of the compliance and cybersecurity programs including the development, implementation, and enforcement of the firm's policies and procedures. Further, in 2010, she acted as the Chief of Staff to the Chief Operating Officer of Barclays Wealth, and Secretary to the Global Wealth Investment Committee. She earned a BA in Criminal Justice from John Jay College and, most recently, a Certificate of Cyber Security Risk Management from Harvard.

    Beyond her professional achievements, Arlenee embraces her roles as a wife and proud "boy mom" of two. As a New Yorker, she is passionate about giving back to her often-underserved community. She is an avid mentor, dedicating much of her free time to guiding and supporting young women aspiring to enter the financial, tech, legal, and compliance fields.

  • John P. Durkin
    Regional Director, Region 2, DHS CISA

    John P. Durkin is the Regional Director for Region 2 within the Cybersecurity and Infrastructure Security Agency (CISA), where he leads the effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure for New York, New Jersey, Puerto Rico, and the U.S. Virgin Islands. Prior to this position, he was CISA’s Chief of Protective Security for Region 2 and a Protective Security Advisor assigned to New York City.

    Before joining CISA, Mr. Durkin served as the Supervisory Air Marshal in Charge of the Newark Field Office of the Federal Air Marshal Service for six years, where he was named SAIC of the year in 2015. Mr. Durkin is a 24-year veteran of the New York City Police Department, where he spent most of his career in the Emergency Service Unit of the Special Operations Division and retired as a Deputy Inspector in command of the Aviation Unit. Other assignments during his tenure at NYPD included Commanding Officer of the Intelligence Division’s Protective Intelligence Unit and of the Threat Assessment Unit.

    Mr. Durkin holds a Bachelor of Science degree in Criminal Justice from the State University of New York, a Certificate in Police Management from the Columbia University Graduate School of Business, and a Master of Science degree in Homeland Security Management from Long Island University. He is a contributing author to “Leadership in Dangerous Situations,” a textbook used by cadets at the United States Military Academy, and to “Only as Strong as Its Weakest Link: Resilience of the Healthcare Supply Chain in New York,” for Homeland Security Today, which outlined the findings of the New York City Healthcare Regional Resiliency Assessment Project. Mr. Durkin is a retired U.S. Army Reserve Intelligence Officer, a veteran of Operations Iraqi and Enduring Freedom, and served at the tactical, combatant command, and strategic levels.

  • Dillon White, Moderator
    Director, KMicro Tech

    Meet Dillon White, a Solutions Engineering whiz and the driving force behind sales engineering at KMicro Tech. With a knack for hybrid cloud solutions and services, Dillon combines his extensive industry experience with a dash of innovation to spark business growth. Before diving into the tech world, Dillon served eight impactful years in the United States Coast Guard, adding a unique perspective to his expertise.
    From cybersecurity to Microsoft Dynamics 365, Azure, and Modern Work, Dillon has seen it all. He's your go-to guide for digital transformation, helping businesses—big and small, retail and federal—navigate the tech maze and come out on top. His strategic insights and customer-first approach have consistently empowered organizations to hit new heights.

  • Maverick James, Esq., CIPP/US, CIPM
    Founder & Managing Attorney, Avant-Garde Legal, P.C.

  • Or Shoshani
    CEO, Stream Security

    Or Shoshani is the co-founder and CEO of Stream Security. After serving in an elite IDF cyber unit, Or founded a startup that was acquired by NVIDIA, where it played a key role in advancing AI technology security.
    Today, Or leads Stream Security, a leader in cloud detection and response. His vision drives the company's mission to help security teams gain real-time capabilities into the cloud attack surface, enabling them to outpace the adversary.

  • Erik Klein
    Director, Americas Security Solutions Engineering, Dynatrace

    Following an 18-year career in software design, development, leadership, and architecture, Erik Klein embarked on a 7-year journey (2007 - 2014) as a pre-sales engineer to evangelize, help develop, and help mature the value of first-generation software security tools (SAST, DAST) from obscurity to dominance in order to begin the process of hardening software. From 2014 - 2021, he repeated this process with the second generation of software security tools (IAST, RASP, SCA) to bring far more accurate and actionable security findings to prevention and incident response teams. Currently, in his role as Director of Americas Security Solution Engineering at Dynatrace, Erik and his team bring highly accurate and contextually aware security findings using IAST, RASP, Runtime SCA, security investigation, and other capabilities to the security masses without the need to scan or install agents, by activating security features at scale in production within existing observability solutions.

  • Todd Knapp
    CEO, Envision Technology Advisors

    Todd has been providing IT services nationally for over 25 years and draws inspiration and insight from participation in a wide range of executive boards and industry associations. He has an extensive background in strategic planning and implementation of business technology solutions, and founded his firm Envision Technology Advisors. As a presenter, Todd speaks throughout the country on a variety of technology and business topics including: Modern Workplace, Digital Transformation, Cybersecurity, and Evolving Digital Culture to fit the Modern Workforce.

    In his free time, Todd works with several non-profits and is also an avid sailor, woodworker, and scuba diver.

  • Micah McCutchan
    Managing Director, Strategic Advisory Group, SentinelOne

    Micah McCutchan is Managing Director at PinnacleOne, SentinelOne’s strategic advisory service, where he helps large companies in the critical infrastructure value chain leverage geopolitical intelligence to enhance their digital security and resilience strategies. Prior to this, Micah was President and Chief Operating Officer of the Krebs Stamos Group, following his role at Argonne National Laboratory, where he advised the Cybersecurity and Infrastructure Security Agency (CISA) on national resilience and risk management related to natural disasters, terrorism, and cybersecurity for critical infrastructure. A serial entrepreneur with 20 years of experience in security risk management, Micah has successfully led the growth, operation, and sale of two high-profile advisory firms over the past decade. He lives in the Washington, D.C. area with his wife and two children.

  • Afzal Khan, Moderator
    Global CISO, OPKO Health, Inc.

    Afzal Khan is a distinguished leader in the field of technology security and risk management, bringing over 26 years of expertise to his role. Currently serving at OPKO, he provides strategic direction and guidance on technology risk management, IT, OT, and cybersecurity, ensuring compliance with IT regulatory standards across domestic and international entities. Afzal's extensive experience includes notable positions such as the Global Head of IT Security, Risk Management & Compliance at Everest Reinsurance, where he led critical projects and built robust organizational teams. He holds 7 security and risk management certifications, including CISSP, CISA, and CRISC, underscoring his deep knowledge in the field. Afzal is renowned for his visionary approach, aiming to establish a secure technology platform aligned with business objectives, emphasizing a business-focused and risk-based approach to security decisions. His dedication to operational excellence and adaptability in the face of disruptive technologies have made him a trusted leader in the industry.

  • Tom Brennan
    CIO, Mandelbaum Barrett PC

    Tom Brennan is the CIO of the national law firm Mandelbaum Barrett PC and leads the U.S. arm of CREST International. In this role, he works with government and commercial organizations to optimize the value of CREST as a cybersecurity accreditation body and industry standards advocate, particularly for companies in the Cybersecurity & Infrastructure Security Agency’s 16 critical infrastructure sectors which are vital to U.S. security, national economy, and public health and safety. As CREST USA Chairman, Brennan spearheads strategic plans for CREST USA’s organizational growth while also serving as an industry evangelist and educator on the value of using accredited cybersecurity products and professionals to improve consumer privacy, security, and protection worldwide.

    As a proud U.S. Marine veteran, Brennan became involved with CREST International in 2016 while serving the Global Board of Directors for the Open Web Application Security Project (OWASP). Seeing similar goals, he became more active in the CREST organization and was nominated to lead the organization’s U.S. Advisory in 2019. Over his career, Brennan has amassed security expertise across the cybersecurity spectrum, including penetration testing, vulnerability assessment, application security, threat intelligence, and more. In addition to being CREST USA Chairman, he is the Chief Information Officer of the national law firm Mandelbaum Barrett, overseeing critical infrastructure, privacy, and security operations. He is also an Advisory Board Member of the information services advisory Gerson Lehrman Group, a Cyber Fellows Advisory Council Member, a Member of the Information Technology Advisory Committee of the County College of Morris, a Senior Advisor and Industry Advisory Board Member of the New Jersey Institute of Technology, and a Cyber Fellows Advisory Council Member of the NYU Tandon School of Engineering.

  • Allan Reyes
    Staff Security Engineer, Vanta

    Allan Reyes is a Staff Security Engineer at Vanta, leading application security, cloud security, and detection and response. Allan built several programs and initiatives at Vanta, including the product security, static analysis, and sensitive log filtering programs. He has a decade of experience working in software, security, and reliability, working at startups like Robinhood and Udacity. He was previously a United States Army paratrooper and a veteran of the wars in Iraq and Afghanistan. Allan holds a B.S. in Mechanical Engineering from MIT and M.S. degrees in Computer Science, Analytics, and Cybersecurity from Georgia Tech.

  • Niv Goldenberg
    Co-Founder & CPO, Linx Security

    Niv Goldenberg is an experienced product leader with more than 20 years of technology leadership experience in cybersecurity in startups, enterprises, and the IDF. Niv is the Chief Product Officer and co-founder of Linx Security. Prior to Linx, Niv was the VP of Product for Transmit Security, the head of product and group product manager of Microsoft Cloud App Security, and led multi-million dollar projects at the IDF and later for Fortune 500 companies. Niv is a graduate of the elite Talpiot military academy and holds an M.Sc. in Electronic Engineering from Tel Aviv University and a B.Sc. in Physics and Math Science from the Hebrew University.

  • Sergio Nesti
    VP, Third-Party Risk, Panorays

  • Bill Papp
    MySQL Principal Solution Engineer, Oracle

  • Douglas Santos
    Director, Advanced Threat Intelligence, Fortinet

    With more than two decades of experience in the cybersecurity field, I possess a unique blend of sales soft skills and deep technical acumen, making me a well-rounded individual who is at ease working in both technical and non-technical environments. My keen understanding of the cyber threat landscape allows me to communicate potential threats and vulnerabilities, as well as complex security issues and possible countermeasures, to any audience with ease.

    Currently, my focus is on developing innovative ways to advance the state of the art in cyber threat intelligence, while managing a team of researchers and engineers. Our goal is to identify new attack vectors and develop proactive intelligence to protect against them. To help me achieve this mission, I am driving our partnership with MITRE CTID and participating in projects that are augmenting the state of the art when it comes to threat intelligence standards, tools, and response. We are also deploying these tools and standards across Fortinet's products and systems.

    My vast experience, technical expertise, and communication skills have enabled me to excel in the cybersecurity industry, and I look forward to continuing to drive innovation and progress in this field.

  • Alpesh Shah
    VP, Cybersecurity Solutions, Myriad360

    Alpesh is an information security leader with a comprehensive background in cyber security architecture, cloud security, service delivery, physical and IoT security. His more than fifteen years of experience and expertise in requirements gathering, development of complex cyber security solutions, testing, production support, project management, pre-sales engineering, process re-engineering, and implementation across different industries have helped enable business objectives and reduce operational risk.

    Alpesh has a unique strength in identifying gaps in security infrastructure, correlating those gaps with business objectives, and developing the necessary technical and administrative solutions. Alpesh works with companies in all industry verticals that have simple to very complex environments.

    As a Cyber Security Practice Director, Alpesh is responsible for developing Go-To-Market (GTM) solutions and setting the vision and direction for the company's cyber security solutions strategy. Alpesh is responsible for defining the revenue target and achieving the set business goals. Alpesh works very closely with business and technical executives and the legal group, and balances the expectations and priorities between them.

    As a Solutions Architect Manager, Alpesh is responsible for managing the team of solution architects. Alpesh is responsible for planning, developing, and managing roles and responsibilities for his team to provide high-standard services to customers.

    His passion and obsession for information security encouraged Alpesh to obtain several technical and business-level certifications, such as CISSP, CISM, CEH, CHP, Security+, and ITILv3, to complement his knowledge and demonstrate his commitment, skills, and ability.

  • Peter Bassey, Moderator
    Head of Cybersecurity Audit, BNY Mellon

    Senior Cyber Security, Technology Risk and Audit Professional with over 18 years of results-oriented experience in financial services and manufacturing focused on Cyber Security, Technology Risk Management, Third Party Risk Management, and IT Audits. Problem solver with proven ability in team building, process enhancement, professional mentoring, and enhancing team value to the business. Cyber Security thought leader and speaker at CISO/Security Conferences.

  • Paul Underwood, Moderator
    VP, Cybersecurity, Neovera

    Paul has more than 30 years of experience working in the information security space, including 8 years with the US Air Force. Paul was a principal at Digital Signature Trust back in the '90s, working on public key cryptography and using hardware security modules to create trusted root certificates for browsers, including the first Entrust root certificate to be published in a browser. His experience has made him a knowledgeable and experienced trusted security advisor for many Fortune 500 customers over the years.

  • Henry Jiang
    CISO, Therapy Brands

    Henry is a seasoned executive with over 20 years of experience in IT and cybersecurity. With a strong vision for disruptive technologies, he has extensive hands-on experience and is a champion for businesses that prioritize risk management. He is able to define and develop KPIs and KRIs to communicate the effectiveness of the cybersecurity program with all reporting levels and report regularly to executive committees and regulatory bodies.

    As an expert in information security and technology risk, he excels in identifying and clarifying risks and leading remediation efforts. He is a creative problem solver and strategic decision-maker, capable of leading and directing teams in fast-paced environments. He is an empowering leader who trains and guides his team members to achieve their full potential.

    He is involved with the cybersecurity community and loves to contribute, active as a public speaker, author, and mentor. His technical core competencies include proficiency in the domains of cybersecurity frameworks and industry standards, security engineering and operations, risk assessment, physical security, and secure software development. He is familiar with a wide range of cybersecurity controls, including SIEM, network and system security, identity management such as IAM and PAM, end-point security, DDoS remediation, cyber intelligence information sharing, cloud security, and much more.

  • Titus Bickel
    Global Head of Cyber Training & Awareness, BlackRock

    Titus Bickel, CISSP, is Information Security's Global Head of Cyber Training & Awareness. Titus manages firm-wide messaging of security policies and guidelines and offers annual compliance, virtual, and micro-trainings covering numerous security topics. Prior to his position with BlackRock, Titus produced intelligence and risk assessments for the US government and top Fortune 500 companies in his roles with DoD, DHS, and the Analysis and Resilience Center (ARC). Titus’ work has been briefed to top USG and private sector CISOs, CEOs, and the US President on numerous occasions. Titus earned a master’s degree in International Relations from Washington University in St. Louis and majored in Intelligence/Security, with minors in Arabic and Political Science, while studying at The Ohio State University.

  • Adam Mullins
    VP, Cyber Administration, BlackRock

    Adam Mullins is a valued member of the Cyber Administration team at BlackRock, where he applies his educational expertise to the realm of cybersecurity. His responsibilities include crafting annual compliance trainings and micro-trainings on a variety of security topics, drawing on his background in education to enhance the organization's cybersecurity measures.

    Before joining BlackRock, Adam's career spanned roles as an instructional designer and project manager, contributing to sectors such as cloud computing, logistics, and global professional services. His academic achievements include a master’s degree in Instructional Technology, which informs his approach to designing effective security training programs.

  • John Brennan
    Managing Partner, Holly Ventures

    John Brennan is the Managing Partner of Holly Ventures, a seed stage venture capital fund that exclusively invests in and supports cybersecurity entrepreneurs at their earliest stages. John has invested in over twenty security startups, with a focus on supporting founders from day one. Having previously served as a Senior Partner at YL Ventures, John's past portfolio work includes Axonius, Orca Security, Medigate, Hunters, Cycode, Vulcan Cyber, Spera, and many others. John holds an MBA from the University of Chicago and a Bachelor of Science from Trinity College in Connecticut.

  • Kip Boyle, Instructor
    vCISO, Cyber Risk Opportunities LLC

    Kip Boyle is the Virtual Chief Information Security Officer of Cyber Risk Opportunities, whose mission is to help executives become more proficient cyber risk managers. He has over 24 years of cybersecurity experience serving as Chief Information Security Officer (CISO) and in other IT risk management roles for organizations in the financial services, technology, telecom, military, civil engineering, and logistics industries.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes