Conference Agenda
  • Wednesday, April 5, 2017
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Round Table Breakfast: The Cost and Consequence of Insider Threats – (VIP / INVITE ONLY)
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Strafford

    This session is for Advisory Council members only.

    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Keynote Theater

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, and secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn

    Big Data and the Internet of Things are revolutionizing virtually every industry. We’re told of pinpoint accurate medical records and diagnostics, all-encompassing analytics, mastery of industrial processes, effortless control of our static and moving environments and complete connectivity and communication with anything and everything we might ever imagine being useful. Wonderful!

    But SecureWorld attendees and others who’ve been in IT Security for any appreciable time have an internal red flag that goes up upon hearing “It’s gonna be great!” Then those euphoria-deflating security questions start multiplying and running through our somewhat addled brains. Where is all this Big Data coming from? Where will it reside? Who controls it? Who grants access? On what basis? How do we know it’s accurate, relevant? Is it complete enough for life and death medical decisions? What about analytics system administration; data monitoring and correction procedures; incompatible security architectures? Oh yeah, and privacy?

    What kind of security is built into all these Internet-connected devices? How easy is it to control access? Is the data they trade and store encrypted? Who’s liable if they fail or give erroneous signals?

    Big Data and IoT are neither fads nor merely trends; they constitute a revolution. There’s no going back. Join us as we look from a security perspective at both the bright and dark sides.

    8:30 am
    EU General Data Protection Regulation: Review of the IT Security Requirements and Changes
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Malvern

    The EU General Data Protection Regulation (GDPR) becomes mandatory on May 25, 2018. It will have a sweeping impact on the data protection requirements and enforcement for multinationals, including in relation to data security. This presentation will describe the changes, with a focus on those relating to IT security, and will provide practical advice for organizations to prepare.

    8:30 am
    Data Mapping
    Understanding How Your Data Moves Within and Without Your Organization
    CISO & CPO, Cooper University Health Care
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    One essential component of health IT interoperability and improved care is the exchange of information. Data mapping plays a key role in not only moving data but also in understanding where and how the data moves.

    8:30 am
    Security That’s Actually Suitable for Physician Practices and Other Small Businesses
    VP Standards & Analytics, HITRUST
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    Small businesses are often financially and resource-constrained, and find it difficult to implement and maintain a robust information protection program. CSFBASICs leverages the HITRUST CSF and CSF Assurance Program and defines a relaxed but certifiable “good hygiene” approach to patient privacy and the security of their PHI.

    8:30 am
    Trend Micro: Anatomy of a Ransomware Attack and Why It Matters
    Using a layered security approach ensures a better way to prevent, detect, and respond to threats.
    Director, Global Threat Communications, Trend Micro
    Registration Level:
    • Open Sessions
    8:30 am - 9:15 am
    Location / Room: Wayne

    Cyber criminals can hijack your business by encrypting your data and holding your systems hostage until you pay up. Hackers use ransomware like CryptoLocker and CryptoWall to target a wide range of organizations like yours, demanding thousands of dollars. Find out how you can protect your business from ransomware security threats. Join Jon Clay, Director of Global Threat Communications at Trend Micro, as he outlines the latest criminal underground threats and best practices to protect your data and systems.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Fighting Cybercrime – A Team Effort
    Senior Counsel, U.S. Dep't of Justice, Criminal Division, Computer Crime and Intellectual Property Section
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Jared Hosid, a prosecutor with the U.S. Department of Justice’s Computer Crime and Intellectual Property Section, will discuss the current cyber threat environment and address how the private sector can work collaboratively with law enforcement to reduce the cyber threat, mitigate loss, and catch the criminals.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – The Threat of IoT to the Corporate Environment (VIP / Invite Only)
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford
    11:15 am
    Surviving the Siege: Medieval Lessons in Modern Security
    Discover the 2017 SecureWorld Theme
    CISSP, President, O'Leary Management Education
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Villanova

    Warfare and the arts of intrusion have advanced considerably since the Middle Ages, but in many ways the principles of fortification we use today remain the same. The great castles of antiquity were ingeniously designed with multiple layers of physical security to protect their inhabitants from persistent, even advanced enemy threats. Their carefully planned and creative defensive measures provide rich metaphors, both positive and negative, for today’s cyber guardians. On the other hand, clever, daring, sometimes brilliant offensive strategies and tactics have historically breached battlements thought to be unassailable. Come join us as we examine lessons that can be applied to securing our own sophisticated digital fortresses.

    11:15 am
    Cisco: Stories of the Bad Within the Good – Illuminating Threats Deep Within a Network
    Systems Engineering Manager, Cisco
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Wayne

    Cisco Security expert Jeff Moncrief has identified zero day and insider threats within dozens of organizations leveraging netflow analysis and network behavioral anomaly detection.  

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Systems Engineer, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Haverford

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    How to Develop an Effective Cyber-Response Program
    A white paper with steps to develop an incident response program and a checklist for forensic support.
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Malvern

    Despite our best efforts to detect and deflect attacks, the attack is inevitable. Let's walk through the steps to build an Incident Response Plan and the actions needed at the time of an event.

    12:00 pm
    Advisory Council LUNCH Roundtable: Growing the Future Cybersecurity Workforce – (VIP / Invite Only)
    Advisory Council Members Only
    VP Information Security & Compliance, Ascensus
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford

    Lunch Served
    Moderator: Peter Kurek

    12:15 pm
    LUNCH KEYNOTE: Cisco – Integrate, Adapt, Overcome: Building Effective Security Architectures
    Field Product Manager, Cisco
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Access Control – The End of the Password?
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting at our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Joeseph Walsh, DeSales
    George Makin, Federal Reserve
    Nancy Hunter
    George Makin
    Moderator: Bob McCosky

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Ron Schlect, BTB Security
    Eric Bucher, Cequence
    Matthew Cilento, Securonix
    Hassanain Kapadia, Palo Alto Networks
    John Maloney, AccessIT Group
    Moderator: Frank Piscitello

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    EU-U.S. and Swiss-U.S. Privacy Shield Certification: IT Security Requirements, Preparation and Risk Minimization
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Malvern

    The E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks replace the outdated (and invalidated) Safe Harbor framework for transfers of personal data pertaining to European and Swiss residents to the U.S. This presentation will provide an overview of the Privacy Shield framework and principles, with a focus on the requirements and regulator expectations for fulfilling and sustaining on a go-forward basis the Security requirements that are part of that framework. The presenter will also provide practical advice and recommendations for the attendees, based upon her assistance to many organizations certifying to these frameworks.

    3:00 pm
    IoT Threat Analysis
    Gain a better understanding of the risks involved with IoT devices.
    CISO, The Bancorp
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    This session will review the current threat landscape, identify security concerns, provide examples and offer recommendations on securing the devices.

    3:00 pm
    Lock Pick Village
    A Better Understanding of Locks and How to Compromise Them
    Professor, Drexel University
    Electrical Engineer, Security Consultant
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    Attendees will learn basic locking theory and then put it into practice by picking real locks.

    3:00 pm
    Cylance: Hitchhiker’s Guide to Ransomware – From Genesis to Current Menace
    Principal Consultant - Incident Response, Cylance
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    This presentation will cover ransomware, ransomware infection vectors, the history and evolution of ransomware, the business model for ransomware, and the best ways to detect and prevent ransomware.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Keynote Theater

    3:00 pm
    SecureWorld PLUS Part 2 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Berwyn


  • Thursday, April 6, 2017
    7:00 am
    Registration Open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Keynote Theater

    8:00 am
    SecureWorld PLUS Part 3 – Big Data and IoT: Wonderful, Terrible, Inevitable
    SecureWorld PLUS Registrants ONLY
    CISSP, President, O'Leary Management Education
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn


    8:30 am
    Gaining Better Visibility Into Risk – The Future of GRC
    Experienced Manager, Grant Thornton’s Risk Advisory Services
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Wayne

    In this session we will be discussing the general achievements and failings that clients have experienced utilizing GRC platforms and processes, where the market is headed, and how integration of different data sources and risk correlation techniques are starting to be utilized to get a better picture of risk.

    8:30 am
    Data Breach Digest – Perspective is Reality
    Senior Manager, Verizon
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    Data breaches are complex affairs. Response activities are proportionately complex, involving various stakeholders with slightly different perspectives. This presentation covers the 2017 “Data Breach Digest – Perspective is Reality”, a compendium of data breach scenarios told from different stakeholder points of view covering their decisions, actions and crucial lessons learned.

    8:30 am
    Keeping Information Security Simple
    Founder and President, Engaged Impact
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Malvern

    The greatest problems for Information Security are the pervasive fear, uncertainty and doubt many business leaders feel about the costs and benefits surrounding cyber security, leading many to ignore or underinvest in even the most basic risk assessment and mitigation that could save their businesses. But even a simple risk assessment can highlight and quantify enormous risks, which are sometimes easily and cheaply remedied. Frameworks and questionnaires for assessing risk are readily available and straightforward to apply. Opportunities for improvements will be highlighted with compelling examples.

    8:30 am
    Jumping the Canyon from Technical to Leadership and Landing Successfully
    Chief Information Security Officer, Kennedy Health System
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    Making the jump from a technical role to a leadership role, and lessons learned from the other side. Technology is easy—security in principle is not difficult. The challenge is working with other people, understanding the culture, and determining who you are and want to be.

    9:00 am
    Exhibit Floor Open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE: Phishing Dark Waters – Don’t End Up on the Hook
    CEO, Social-Engineer, Inc.
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Phishing – is it really that dangerous? Can it really create havoc in your organization? I have sent, seen and analyzed some of the most effective and dangerous phish in the world. Learn how to dissect and defend so you don’t get hooked.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable – Understanding the Business Viability of Your Security Solution Vendors (VIP / Invite Only)
    Director of Information Security & Compliance, Morgan, Lewis & Bockius LLP
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford

    11:15 am
    An Introduction to Statistical Anomaly Detection
    Director - Isaac L. Auerbach Cybersecurity Institute, Drexel University
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Villanova

    An introduction and overview of the mathematical ideas underlying statistical anomaly detection, focusing on principal component analysis (PCA) based detection.

    11:15 am
    Securonix: Solving Compliance and Security Crisis with Big Data Analytics
    CISO and Chief Security Strategist, Securonix
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Wayne

    11:15 am
    SecureAuth: Moving Beyond Passwords
    SVP, Identity Strategy, SecureAuth
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Malvern

    In 2016, almost two-thirds of breaches involved the use of stolen or default credentials. Even the strongest and most complex passwords will never be enough if they are compromised. While there is no denying that we need to remove our dependency on the password as a primary method of authentication, the question remains: how do we get there? Join Robert Block as we discuss whether the world is ready to relinquish its love for the password, the challenges involved in moving to a password-free world, and enabling technologies that will get us there.

    11:15 am
    OSINT and Social Engineering
    Partner, Information Security, DFDR Consulting
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Haverford

    Session will outline Open Source Intelligence gathering, social engineering attacks and information leakage for the purposes of attacks against a given target.

    12:00 pm
    Advisory Council Roundtable LUNCH – Top Down-Bottom-up Risk Assessment (VIP / Invite Only)
    Gourmet Lunch Served
    IT Policy Risk & Compliance Manager, Fulton Financial
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford

    12:15 pm
    [LUNCH KEYNOTE] Radware: Game of Threats
    Security Evangelist, Radware
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    Do you really know who are the real cyberattackers in today’s landscape? Every day we hear about names, techniques, hacktivists, and new tools which are ransacking businesses and organizations worldwide. However, do you understand how these relate to each other and which of these vectors are the most heinous? This presentation reveals a fascinating topic of how everything from hacking tools and patriotic hackers, to cyber cartels and DDoS vectors relate to one another, placing everything into context. In fact, this presentation will allow for a detailed understanding of 52 different attack types and categories to be aware of and comprehend. You will take away the notion of how varied each attack vector is and how many categories exist in the world of cyberattacks.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Scott Register, Ixia
    John McClurg, Cylance
    Mike Rogers, Symantec
    Tim Miller, Trend Micro
    Moderator: Dan Reither

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons of migrating to the cloud.
    Panelists:
    John DiLullo, Lastline
    Gus Coronel, Check Point
    Pete Molett, AccessIT Group
    Dwayne Wenger, Big Switch
    Mike Piscopo, Delta Risk
    Moderator: Anahi Santiago

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Security and Medical Devices
    Chief Security Architect, Vaxient
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    Since medical devices are critical to providing care and treatment, this talk will address three key issues: 1) identify specific threats to providers and medical devices, 2) present some practical, cost-effective mitigations, and 3) provide a strategy for the future.

    3:00 pm
    Compliance With the New York DFS Cybersecurity Regulations
    Do These Rules Apply to My Company?
    Data Privacy, Security, and Management Attorney
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    The New York Department of Financial Services (DFS) cybersecurity regulations have partially gone into effect as of March 1, 2017. And, you may wonder … do these rules apply to my company and if so, what do I need to do to be compliant? The rules require more than simple changes in policy. We will discuss the requirements in-depth as well as the additional staggered compliance deadlines. This presentation will be particularly helpful for financial institutions, other NY DFS regulated entities (for example, insurers, check cashers, money transmitters, lenders and virtual currency businesses) and those that are vendors of financial services institutions.

    3:00 pm
    Next Generation Application and Infrastructure Management
    Application and Cloud Security Manager, Cengage Learning, OWASP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    Application and cloud security vulnerability management tools consider only vulnerabilities and don’t deal with workflow or help security professionals build their program in an agile fashion. Defect Dojo, an Open Source tool from OWASP, is built on enabling security programs.

Exhibitors
  • AccessIT Group
    Booth: 100

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • Alert Logic
    Booth: 314

    Whether your company is transitioning infrastructure to the cloud, taking advantage of managed hosting services, or continuing to rely on owned data centers, Alert Logic offers intrusion detection, vulnerability assessment and log management solutions that are coupled with 24/7 monitoring and expert guidance services from our security operations center. More than 1,500 enterprise customers trust Alert Logic to secure and protect their digital information, and rely on us for keeping in step with increasingly complex regulatory issues. In addition to our team of GIAC analysts dedicated to careful observation and assessment of threats to your data, our research team stays on top of emerging developments so we can stop potential security breaches before they strike. We also have a dedicated support team ready to answer any questions you have about our products and services.

  • Alpine Security
    Booth: 216

    Alpine Security is a Service Disabled Veteran owned Small Business. We have extensive experience with security audits, regulatory compliance audits, vulnerability assessments, penetration testing (network, application, web application, and physical), social engineering, incident response, digital forensics, and user awareness & technical training. Our team members are industry certified, highly educated, trusted, and experienced, and bring vast project experience. We have been on United States government red teams and have experience with military cyber operations – offensive and defensive. Our team is also well-versed and experienced with commercial security assessments, audits, penetration testing, risk assessments, and incident response. We have performed penetration tests and assessments for numerous industries, including aerospace & defense, education, healthcare, financial, energy, and oil & gas. Our extensive experience in high-risk and complex environments ensures we are prepared to test your environment, regardless of the risk-level or complexity. We’ve been tested under fire.

  • Arctic Wolf Networks
    Booth: 304

    Arctic Wolf Networks provides SOC-as-a-service that is redefining the economics of security. The AWN CyberSOC™ service is anchored by Concierge Security™ teams and includes 24×7 monitoring, custom alerting and incident investigation and response. There is no hardware or software to purchase, and the end-to-end service includes a proprietary cloud-based SIEM, threat intelligence subscriptions and all the expertise and tools required. For more information about Arctic Wolf, visit https://www.arcticwolf.com.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • CensorNet
    Booth: 216

    CensorNet provides a multi-channel, multi-layered approach to securing the cloud via its purpose-built platform. CensorNet delivers integrated web security, email security, CASB and multi factor authentication to provide security focused visibility and control of an organization’s assets.

  • Check Point Security
    Booth: 100

    Since 1993, Check Point has been dedicated to providing customers with uncompromised protection against all types of threats, reducing security complexity and lowering total cost of ownership. We are committed to staying focused on customer needs and developing solutions that redefine the security landscape today and in the future.

  • Cisco
    Booth: 316

    Cisco builds truly effective security solutions that are simple, open and automated. Drawing on unparalleled network presence as well as the industry’s broadest and deepest technology and talent, Cisco delivers ultimate visibility and responsiveness to detect more threats and remediate them faster. With Cisco, companies are poised to securely take advantage of a new world of digital business opportunities.

  • Cloud Passage
    Booth: 206

    CloudPassage® Halo® is the world’s leading agile security platform that provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. Halo uses minimal system resources; so layered security can be deployed right at every workload – servers, instances and containers.

  • CrowdStrike
    Booth: 101

    CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

  • Cylance
    Booth: 300

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 112

    Darktrace is the world’s leading AI company for cyber defense. With over 7,000 deployments worldwide, the Enterprise Immune System is relied on to detect and fight back against cyber-attacks in real time. The self-learning AI takes one hour to install, works across the cloud, SaaS, corporate networks, IoT and industrial systems, and protects against the full range of cyber-threats and vulnerabilities, from insider threats and ransomware, to stealthy and silent attackers. Darktrace has 800 employees and 40 offices worldwide, with headquarters in San Francisco, and Cambridge, UK.

  • Booth: 108
  • DeSales University Cyber Security Program
    Booth: 212

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Electronic Crimes Task Force
    Booth: 404

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • Fidelis Cybersecurity
    Booth: 104

    Fidelis Cybersecurity is a leading provider of threat detection, hunting and response solutions. Fidelis combats the full spectrum of cyber-crime, data theft and espionage by providing full visibility across hybrid cloud / on-prem environments, automating threat and data theft detection, empowering threat hunting and optimizing incident response with context, speed and accuracy. For more information, go to www.fidelissecurity.com.

  • GuidePoint Security LLC
    Booth: 101

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • HTCIA Delaware Valley Chapter
    Booth: 402

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • InfraGard Philadelphia
    Booth: 406

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • ISACA Philadelphia
    Booth: 322

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • (ISC)²
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™. Follow us on Twitter or connect with us on Facebook.

  • ISSA Delaware Valley
    Booth: 502

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • LogRhythm
    Booth: 208

    LogRhythm, a leader in security intelligence and analytics, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyber threats. The company’s patented award-winning platform uniquely unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration and advanced security analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides unparalleled compliance automation and assurance, and enhanced IT intelligence.

  • OWASP
    Booth: 320

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Preempt Security
    Booth: 101

    Preempt delivers a modern approach to authentication and securing identity in the Enterprise. Using patented technology for Conditional Access, Preempt helps Enterprises optimize Identity hygiene and stop attackers and insider threats in real-time before they impact business. Preempt continuously detects and preempts threats based on identity, behavior and risk across all cloud and on-premises authentication & access platforms. This low friction and more prescriptive approach gives security teams more visibility & control over accounts and privileged access, helping them achieve compliance and auto-resolve incidents. Learn more: www.preempt.com.

  • Radware
    Booth: 210

    Radware (NASDAQ: RDWR), is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.

  • Reduxio
    Booth: 308

    There has been no fundamental innovation in data management for primary storage for the last two decades. In 2012, a group of storage industry veterans founded Reduxio with the vision to redefine data management and protection by taking advantage of new processing, networking and media technologies.

    Reduxio’s new line of enterprise flash storage solutions based on the revolutionary TimeOS storage operating system, provides breakthrough storage efficiency and performance, and the unique ability to recover data to any second, far exceeding anything available today.

    Headquartered in South San Francisco, CA, Reduxio is backed by Seagate Technology, Intel Capital, JVP and Carmel Ventures.

  • RSA Security
    Booth: 101

    RSA Business-Driven Security™ solutions provide organizations with a unified approach to managing digital risk that hinges on integrated visibility, automated insights and coordinated actions. With solutions for rapid detection and response, user access control, consumer fraud protection, and integrated risk management, RSA customers can thrive and continuously adapt to transformational change.

  • SailPoint
    Booth: 310

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Santander
    Booth: 118

    We are Santander Bank, N.A.– one of the country’s top retail banks by deposits and a wholly owned subsidiary of one of the most respected banks in the world: Banco Santander. Our parent company, Santander Group, serves more than 100 million customers in the United Kingdom, Latin America, and Europe. Here in the Northeast, we are a team of 9,800 individuals all committed to a single mission: to help you make progress toward your goals. We aim to make your banking hassle-free by providing simple ways for you to spend, save and manage your money.

  • SecureAuth
    Booth: 302

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee, customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Securonix
    Booth: 306

    Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform uses machine learning to track and create baselines of user, account, and system behavior and detects the most advanced insider threats, cyber threats, and fraud activities in real time. Built on a Hadoop platform, the Securonix solution provides an open platform with unlimited scalability. Securonix provides incident orchestration capabilities with playbooks that enable automated incident response. Globally, customers use Securonix to address their insider threat, cyber threat, cloud security, fraud, and application security monitoring requirements. Visit www.securonix.com.

  • Splunk
    Booth: 101

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Varonis
    Booth: 101

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • Synopsys
    Booth: 214

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • TechTarget
    Booth: TBD

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • Trend Micro
    Booth: 202

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Unisys
    Booth: 208

    Unisys is a global information technology company that specializes in providing industry-focused solutions integrated with leading-edge security to clients in diverse markets. Unisys combines experienced security consulting, Stealth micro-segmentation security solutions and efficient managed security services to deliver dramatic improvement in security posture and operational efficiencies.
    Visit http://unisys.com/security for more information.

  • Venafi
    Booth: 312

    Venafi secures and protects keys and certificates so they can’t be used by bad guys in cyber attacks. Criminals want to gain trusted status and go undetected. This makes keys and certificates a prime target. Criminals steal and compromise keys and certificates that are not properly protected, and use them to circumvent security controls. This has become the attack of choice. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that businesses and governments depend on for secure communications, commerce, computing, and mobility. Venafi finds all keys and certificates and puts them under surveillance to detect anomalies. Vulnerable keys and certificates are fixed to prevent attack. Ongoing remediation is performed automatically. Venafi strengthens defenses of today’s critical security controls.

  • WatchGuard
    Booth: 204

    WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.

  • EC-Council
    Booth: TBD

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

Keynote Speakers
Speakers
  • Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • John O'Leary
    CISSP, President, O'Leary Management Education

    John O'Leary, CISSP, is President of O'Leary Management Education. His background spans four decades as an active practitioner in information systems, IT Security and contingency planning. He has designed, implemented and managed security and recovery for networks ranging from single site to multinational. John has trained tens of thousands of practitioners, and conducted on-site programs at major corporations and government facilities worldwide. He has also facilitated meetings of Working Peer Groups, where security professionals from diverse corporations share ideas, concerns and techniques. John is the recipient of the 2004 COSAC award, the 2006 EuroSec Prix de Fidelite, and the 2011 ISC2 Lifetime Achievement Award.

  • Joan Antokol
    Partner, Park Legal LLC

    Joan is a partner at Park Legal LLC, a law firm with offices in New Jersey and Indianapolis. Since 2002 and continuing, she has been one of the only outside counsel invited to be a member of a regulator team chaired by the Berlin Data Protection Commissioner, which includes members of the Supervisory Authorities from each EU member state, as well as a growing number of other countries around the world. Joan is a frequent speaker at data privacy conferences in the US and EU, and has published a number of articles. She counsels multinationals and other clients on a wide variety of data privacy and security topics, and handles many security breaches.

  • Phil Curran
    CISO & CPO, Cooper University Health Care

    Phil Curran has more than 20 years of experience in information security and privacy in the military, government and private sectors. As the Chief Information Security Officer and Chief Privacy Officer at Cooper University Health Care in Camden NJ, he is responsible for managing governance and regulatory compliance, risk assessment and management, threat intelligence and vulnerability assessment, privacy and security investigations, business continuity, and awareness and training.

  • Dr. Bryan S. Cline
    VP Standards & Analytics, HITRUST

    As the VP of Standards and Analytics at HITRUST, Dr. Bryan S. Cline provides thought leadership for the continuing development of the HITRUST CSF and related methodologies (healthcare’s de facto information protection standard and basis for NIST Cybersecurity Framework implementation in the industry), and is the ‘Father’ of (ISC)2’s HCISPP credential.

  • Jon Clay
    Director, Global Threat Communications, Trend Micro

    Jon Clay has worked in the cybersecurity space for over 21 years. He is responsible for managing marketing messages and external publication of all the threat research and intelligence within Trend Micro as well as different core technologies. As an accomplished public speaker with hundreds of speaking sessions around the globe, Jon focuses on the threat landscape and the use of big data in protecting against today’s sophisticated threats. Jon is also a volunteer speaker for the Trend Micro Internet Safety for Kids and Families program.

  • Jared S. Hosid
    Senior Counsel, U.S. Dep't of Justice, Criminal Division, Computer Crime and Intellectual Property Section

    Jared Hosid is Senior Counsel in the U.S. Department of Justice’s Computer Crime and Intellectual Property Section, where he focuses on cybersecurity, electronic surveillance, and the growing challenge in obtaining lawful access to electronic evidence in criminal investigations. Jared also investigates cases involving various types of cybercrime and has been involved in DOJ’s application of the Cybersecurity Information Sharing Act. Jared previously clerked in DC federal court and was a litigator at Dechert and Crowell & Moring.

  • Jeff Moncrief
    Systems Engineering Manager, Cisco

    Jeff Moncrief is a Systems Engineering Manager at Cisco. Jeff has over 17 years of Information Security Industry experience, holding leadership roles in Support, Sales Engineering and Pre/Post-Sales Technical Account Management. Jeff’s specializations include compliance, vulnerability management, incident response and security architecture.

  • Steven Dougherty
    Systems Engineer, Radware
  • Alex Petrow
    VP Information Security & Compliance, Ascensus
  • Chris Hoff
    Field Product Manager, Cisco

    Chris Hoff is a Field Product Manager with over 20 years in network and information security operations, sales and marketing. During this time Chris has helped numerous organizations build and manage their IT operations. In his current role, he helps educate organizations on the current threat landscape and understand how they can proactively mitigate and manage risk.

  • Anthony Meholic
    CISO, The Bancorp

    Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.

  • Ralph DeFrangesco
    Professor, Drexel University

    Ralph is a professor at Drexel University and a cybersecurity consultant.

  • Stephanie J. DeFrangesco
    CEO, DataTech

    Stephanie is the CEO of DataTech, a cybersecurity company providing security analysis

  • Gerardo Cruz
    Electrical Engineer, Security Consultant

    Gerardo is an Electrical Engineer and security consultant.

  • Thomas Pace
    Principal Consultant - Incident Response, Cylance

    Thomas Pace has an extensive background in building incident response programs, policies, procedures and playbooks at multiple top-tier organizations. Thomas has 11 years of security experience in various fields including physical security, intelligence gathering and analysis, sensitive site exploitation, incident response, intrusion analysis, and endpoint and network forensics. Thomas also has extensive experience in conducting assessments against various NIST special publications such as 800-53 and 800-171.

    At Cylance, Thomas serves as a Principal Consultant where he acts as a technical lead on various projects sold and delivered, and also creates processes and methodologies to better assist Cylance’s client base. Thomas conducts incident readiness assessments, security tool assessments, and responds to incidents as needed. Thomas is also currently an Adjunct Professor at Tulane University where he has developed a portion of the Homeland Security Studies program curriculum centered on cybersecurity. Thomas also currently provides guidance and expertise to the New Orleans cloud security community as the Louisiana Cloud Security Alliance Co-Chair.

    Prior to Cylance, Thomas served as a Senior Cybersecurity Engineer at Fluor Federal Petroleum Operations, a Department of Energy contractor supporting the Strategic Petroleum Reserve worth billions of dollars. In this role, Thomas was the lead incident response official and was responsible for ensuring all incidents were appropriately identified, contained and remediated in a timely manner and reported to proper authorities if necessary. Additionally, Thomas was responsible for conducting intrusion analysis and threat hunting on a daily basis to ensure the organization was not breached. While conducting a multitude of analyses based on intrusions and incidents, Thomas built a multitude of playbooks and processes so junior technical personnel could also conduct analyses in an efficient manner.

    Thomas served in the United States Marine Corps as an infantryman and intelligence specialist. During this time, Thomas deployed to both Iraq and Afghanistan as part of the Marine Corps.

    Thomas holds an M.S. in Information Science with a concentration in Information Assurance. Thomas also possesses multiple certifications such as GIAC GCIH, GCFA, GCIA, GICSP and GCWN. Thomas also is a Sourcefire certified professional, CISSP, and possesses CNSS 4011, 4012, 4013, 4014 and 4015.

  • Matthew Perry
    Experienced Manager, Grant Thornton’s Risk Advisory Services

    Matt has over 25 years of Information Technology (IT) experience, including 12 years in Information and Cyber Security. Prior to joining Grant Thornton, Matt served 8 years as the Director of Information and Cyber Security for a global manufacturing and energy production company. While there he was responsible for the design, application and oversight of the company’s Information Security Management System (ISMS), implementation and management of a fully functional 24x7/365 cyber security operations center, security tools evaluation and purchase, policy and procedure development, critical design reviews, and employee security awareness and training.

  • John Grim
    Senior Manager, Verizon

    John, the primary author of the Verizon Insider Threat Report, has over 16 years of experience investigating data breaches and cybersecurity incidents within the government and civilian security sectors. John manages a highly technical investigative response team who investigates data breaches and advises on containment / eradication / remediation measures for customers worldwide.

  • Chris Shull
    Founder and President, Engaged Impact

    Chris is Founder and President of Engaged Impact, which provides information security leadership and transformation consulting to small and mid-sized businesses, and Information Security Specialist for Xpand.io, which provides SaaS supporting effective new employee onboarding for large corporations. He is a Certified Information Systems Security Professional (CISSP) and has over 20 years’ experience delivering, implementing and managing private, public and hybrid cloud-based information technologies. He has led info security teams and efforts covering cloud tools from both the vendor and company sides. He has used the ISO 27001 and NIST SP 800 frameworks to address needs for HIPAA, FERPA, SOX, PII and PCI/DSS compliance. He recently guided U.S.-EU and Swiss Safe Harbor and EU-U.S. Privacy Shield certification processes. Chris earned a BA in Economics and Mathematics from the University of Pennsylvania and an MA from the Wharton School with a concentration in Operations and Information Management.

  • Thomas Handlon
    Chief Information Security Officer, Kennedy Health System

    Thomas (Tom) Handlon is the chief information security officer at Kennedy Health System in NJ. Prior to Kennedy, he was director of information security at American Realty Capital, a financial investment firm. Tom has almost 20 years’ experience in information technology and holds an MS in Information Assurance and Cybersecurity from Western Governors University.

  • Christopher Hadnagy
    CEO, Social-Engineer, Inc.

    Christopher Hadnagy is the founder and CEO of Social-Engineer, LLC. Chris possesses over 16 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today.

    Chris established the world’s first social engineering penetration testing framework at www.social-engineer.org, providing an invaluable repository of information for security professionals and enthusiasts. That site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering, attended by law enforcement, military, and private sector professionals.

    A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of three books: Social Engineering: The Art of Human Hacking; Unmasking the Social Engineer: The Human Element of Security; and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails.

    Chris has been invited to the Pentagon to debrief 30+ general officers and government officials on social engineering and its effect on the United States.

    Chris specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

    Chris is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties. In addition, he holds certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).

  • Steve Naphy
    Director of Information Security & Compliance, Morgan, Lewis & Bockius LLP
  • Steven Weber
    Director - Isaac L. Auerbach Cybersecurity Institute, Drexel University

    Steven Weber is professor in the Department of Electrical and Computer Engineering, founding director of the Isaac L. Auerbach Cybersecurity Institute, and founding director of the Modeling and Analysis of Networks Laboratory (MAN Lab) at Drexel University.

  • Michael Lipinski
    CISO and Chief Security Strategist, Securonix

    Michael J. Lipinski is CISO and chief security strategist at Securonix. He has over 28 years of experience in risk and information security, digital forensic investigations including HR interrogation, legal process support and testimony. Lipinski has helped organizations of all sizes design, build and run risk, IT governance and information security programs. He has held IT executive roles in the end user space and numerous roles in IT hardware and software organizations.

    Lipinski spent the last 8 years serving as CISO of an acquisition driven, rapidly growing marketing services and business process outsourcer. He was responsible for the development of the information security, risk, IT governance, IT CERT and insider threat programs. Prior to his role as CISO, Lipinski consulted for 15 plus years in the information security, risk and business continuity space, helping large organizations in diverse industries solve their risk and information security challenges.

    Lipinski has started and owned several IT and IT security companies. He created a new, disruptive technology that defends organizations from insider threats and took to market a patented set of insider threat focused risk analysis tools that detect unauthorized network communications from large data sources such as network flow, firewall and IDS/IPS systems.

  • Robert Block
    SVP, Identity Strategy, SecureAuth

    As a Senior Vice President of Identity Strategy at SecureAuth, Robert Block is responsible for helping execute on SecureAuth’s strategic vision. Considered a thought leader in IAM, Robert interacts with customers, vendors, and leading industry analysts on the state of Identity and Access Management on a regular basis. Robert has over 19 years of results-oriented Information Technology experience - of which 15 years have been focused on Identity Management, Access Management and Access Governance solutions. Robert has an in-depth understanding of various Information Security and IT challenges and requirements across multiple industries, and has worked with a diverse set of clients ranging from Global Fortune 500s to privately held small businesses.

  • Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance and Secure Design. Prior to joining DFDR, he served as a Security and Network Engineer for several Information Technology companies and as the IT Director/Security Engineer of a large accounting firm. Ken has consulted with financial institutions, banks, government defense contractors and other highly secure facilities on issues of Information Security, Computer Forensics and Secure Network Design.

  • Uday Shah
    IT Policy Risk & Compliance Manager, Fulton Financial
  • Ron Winward
    Security Evangelist, Radware

    Ron Winward is a Security Evangelist for Radware, where he helps execute the company’s thought leadership on today’s security threat landscape. Ron brings nearly 20 years of experience in the Internet service provider space, most recently as Director of Network Engineering for a global infrastructure and colocation provider. With an expertise in network architectures and DDoS mitigation, Ron has helped design solutions for carriers, enterprises, and cybersecurity service providers around the world.

  • Bill Kwak
    Chief Security Architect, Vaxient

    Bill Kwak has almost 20 years of combined IT and Information Security experience in the healthcare, banking & financial, government, and consulting sectors.

  • Amy Mushahwar
    Data Privacy, Security, and Management Attorney

    Amy Mushahwar is a data privacy, security, and management attorney with over 15 years of experience in the technology industry in legal and engineering capacities. Amy defends companies in privacy-related matters as well as assists clients in the development of integrated digital platforms, such as cloud computing and database APIs.

  • Aaron Weaver
    Application and Cloud Security Manager, Cengage Learning, OWASP

    Aaron Weaver loves to build application and cloud security programs that scale and work. He's built programs for several large organizations. Additionally, he trains companies on secure code, threat modeling and cloud security. When he's not busy he enjoys making sawdust in his workshop.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes