Conference Agenda
  • Wednesday, March 28, 2018
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • VIP / Exclusive
    8:00 am - 9:15 am
    Location / Room: Strafford

    This session is for Advisory Council members only.

    8:00 am
    [SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    Earn 16 CPEs With This in-Depth 3-Part Course
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
    Earn 16 CPEs With This in-Depth 3-Part Course
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Devon

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 1 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    Earn 16 CPEs With This in-Depth 3-Part Course
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Ardmore

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:30 am
    Crime in a Box – Revisited
    How technology changed the landscape of cyber crime and predicting future attack vectors
    Owner, TJM Professional Services, LLC
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    Twenty years ago I read an article titled “Crime in a Box.” It was a futuristic vision of how cyber crime could evolve to be the perfect crime. This session will compare and contrast the scenario described in that article to the data breach, spear-phishing, and ransomware attacks that have become our reality in the 21st century.

    8:30 am
    Featured Session: Effective 2FA – Part 1: The Technical Stuff
    Editor in Chief, All Things Auth, Founder, Two Factor Buddy (2FB)
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Malvern

    Two-factor authentication (2FA) is the most straightforward way for companies to drastically improve the security of their user authentication process. However, not all 2FA implementations are created equal. Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. We will dive into the technical details of the most common 2FA implementations and highlight security and usability trade-offs. You will leave equipped to develop a 2FA implementation strategy that will best serve your users.

    8:30 am
    E.U.-U.S. Privacy Shield: Benefits, Challenges, and Impact of the GDPR
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Wayne

    The E.U.-U.S. Privacy Shield framework, which replaces the invalidated Safe Harbor framework, has been available to organizations since August 2016. Learn how the Privacy Shield can help your organization comply with the strict E.U. cross-border data transfer requirements for transfers to the U.S., as well as the challenges and questions about compliance with that framework that have come about as a result of the E.U. General Data Protection Regulation.

    8:30 am
    Agile Patching
    A new approach to security updates and patching following Agile and NIST methodology
    Security Leader, Independent Consultant
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    Patch Management is one of the biggest security and compliance challenges for organizations to sustain. History reveals that many of the large data breaches were successful because of a missing critical security update. Further, the frequency and scope of patching continue to grow with WannaCry, Spectre, and Meltdown. This presentation offers a new approach to patching, blending Agile and NIST methodologies.

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: First, Know Thyself - A Cybersecurity Message from the Federal Reserve
    The Applicability of This Ancient Proverb in Battling Tomorrow’s Cyber Threats
    Executive Vice President and System CISO, Federal Reserve System
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Sr. Information Technology Manager, TD Ameritrade
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford

    This session is for Advisory Council Members only.

    11:15 am
    baramundi — Innovative Endpoint Management: A Holistic Approach to Vulnerability Management, Patching, OS Upgrades, and Software Distribution
    Executive Manager, baramundi software USA, Inc.
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Wayne

    Windows Fall Anniversary Update, Office 365 Migration, Vulnerability and Patch Management: Are any of these three topics causing your blood pressure to rise? This session will show you how you can automate OS migrations, software deployment projects, and effective security exploit management all from one easy to use Endpoint Management Suite. No university degree or nerd glasses required—buckle up!

    11:15 am
    Vetting Your Vendors
    Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service Agreements
    Co-Founder & Managing Partner, XPAN Law Partners
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Haverford

    One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadow the potential pitfalls lurking in using outside third parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.

    11:15 am
    Limitations For Computers Controlling/Tabulating Voting
    Can we trust our election results in the future?
    Asst. Professor, Drexel University
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Villanova

    It is well understood and documented that the Russians influenced the 2016 voting results in the presidential elections via social media. However, what are the risks associated with computers and automation during elections? This presentation will review technology risks with voting. Is there anything that can be done to address these risks?

    11:15 am
    Wombat: State of the Phish 2018 – What Your Peers Are Doing to Reduce Successful Phishing Attacks
    Account Executive, Wombat Security
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Malvern

    Join Wombat Security Technologies’ Chief Architect, Kurt Wescoe, as he discusses key findings from the 2018 State of the Phish™ Report. In this session you will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats. This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period, responses from quarterly surveys, and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Sr. Information Technology Manager, TD Ameritrade
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE: Building and Nurturing Your Modern Cybersecurity Risk Programs
    Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    In this presentation, Demetrios Lazarikos (Laz) will explore topics that are top of mind for Fortune 1000 Executives, Board of Directors, and practitioners that have direct involvement in building and assessing modern cybersecurity strategies and programs. Additionally, Laz will provide real world examples and best practices to effectively create, support, and evaluate the lifecycle of cybersecurity programs—a pragmatic session that is not to be missed.

    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
    Panelists:
    Scott Register, Ixia
    John McClurg, Cylance
    Mike Rogers, Symantec
    Tim Miller, Trend Micro
    Moderator: Dan Reither

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons of migrating to the cloud.
    Panelists:
    John DiLullo, Lastline
    Gus Coronel, Check Point
    Pete Molett, AccessIT Group
    Dwayne Wenger, Big Switch
    Mike Piscopo, Delta Risk
    Moderator: Anahi Santiago

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Governance and the Dreaded D Word… Documentation
    Director, EisnerAmper LLP
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    We’re all caught up in the day-to-day and putting out fires, so who has time for documentation? However, one of the fundamental building blocks to a cybersecurity program is good documentation. Having the proactive thought to document policy, standards, and processes can increase consistency and effectiveness and help guide in times of panic. This discussion will go over key points of proper documentation, when and why, and leave you with key tools to get started.

    3:00 pm
    Security Breach Notification and Enforcement: A Challenging Landscape Becomes Even More Challenging
    Partner, Park Legal LLC
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    As of May 25, 2018, as part of the EU General Data Protection Regulation (GDPR), all EU member states will require breach notification to the relevant supervisory authority (or authorities) within 72 hours. At the same time, the US breach notification laws are being updated to require notification in additional situations, and many new countries around the world are adopting notification laws. Given the short time frames for notification, the varying requirements for notifying individuals as well as a whole host of regulators, the likelihood of adverse media attention, and the potential for lawsuits, well-meaning organizations sometimes create additional risks for themselves when a breach occurs, based upon their lack of preparation, knowledge and training in this area. This presentation will discuss the GDPR breach notification requirements including the expectations of the European Commission and member states, as well as the growing assortment of other notification obligations across the US and world, and will include tips and recommendations for minimizing your organization’s risk.

    3:00 pm
    Tackling Medical Device Security
    Preventing Connected Devices From Becoming Your Weakest Security Link
    Director of Clinical Engineering, Christiana Health Care System
    Associate, Meditology Services
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Malvern

    The high-profile breach events and ransomware outbreaks of 2017 have brought much needed attention to the cybersecurity of connected medical devices. Cyber criminals and hackers often take advantage of easily exploited vulnerabilities within these medical devices to gain unauthorized access to patient data and clinical networks. This session will cover the following topics:
    • Discussion on why medical devices and equipment are especially vulnerable to cyber attacks
    • Explanation on how insecure medical devices can impact patient safety and lead to large-scale data breach events
    • Specific strategic and innovative steps that leading organizations can take to protect against the security issues introduced by medical devices

    3:00 pm
    GDPR and the SMB World
    Controlled concern is more productive than pure panic.
    Owner, Carmel Consulting LLC
    Registration Level:
    • Open Sessions
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    The European Union’s General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. Think GDPR doesn’t apply to your organization? Think again. There are very few businesses that the GDPR will not apply to. The scope is expansive and affects businesses regardless of where they are globally located. If any part of your business touches a person in the EU – be ready! Just like the Y2K era, companies small and large have a lot of work to do in preparation. For businesses that already have a strong security and privacy program, there may be changes required to achieve full compliance. Unfortunately, SMBs are finding that there is a lot more work to do before the deadline arrives. In this session, we will cover this topic and explain how the harmonizing of privacy laws will impact your business.

    3:00 pm
    [SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Berwyn

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    3:00 pm
    SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Devon

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    3:00 pm
    SecureWorld PLUS Part 2 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    3:00 pm - 4:30 pm
    Location / Room: Ardmore

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    3:30 pm
    GuidePoint Reception
    Join us for complimentary drinks and appetizers inside the venue
    Registration Level:
    • Open Sessions
    3:30 pm - 5:00 pm
    Location / Room: Prefunction Grand Ballroom

    Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.

    Valley Tavern Inn, Radisson Hotel
    (Inside the venue)
    March 18th  • 4 – 7 p.m.
  • Thursday, March 29, 2018
    7:00 am
    Registration open
    Registration Level:
    • Open Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk

    Come to the Registration desk in the lobby to check in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

    8:00 am
    [SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    SecureWorld PLUS Registrants ONLY
    Manager, Cyber and Information Security, Point32Health
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Berwyn

    The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013

    8:00 am
    SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
    SecureWorld PLUS Registrants ONLY
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Devon

    This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.

    8:00 am
    SecureWorld PLUS Part 3 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
    SecureWorld PLUS Registrants ONLY
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
    Registration Level:
    • SecureWorld Plus
    8:00 am - 9:30 am
    Location / Room: Ardmore

    This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.

    8:30 am
    Up Close and Personal Cryptography
    Information Security Officer, DLL Group
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Haverford

    We trust cryptography, but do we really know it? In most of today’s operations we rely on cryptography to ensure confidentiality, but sometimes we blindly trust the tools and processes that use it, even if they don’t differentiate strong from weak cryptographic methods. Cryptography in general is a well-established solution, but as always, the devil is in the details. Knowing at a deeper level how cryptography works has become an important topic and something that cybersecurity professionals must pay attention to.

    8:30 am
    Threat Analysis Using Cyber Table Tops
    Cybersecurity Fellow, Lockheed Martin
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Villanova

    As we move towards securing our systems using tools and checklists, we need to step back and look at the holistic picture. The Cyber Table Top process brings in all stakeholders and looks at all aspects of security from traditional computers and networks, to human intelligence, to maintenance, to supply chain. Unless you have the complete picture, you can’t develop a comprehensive security plan.

    8:30 am
    The Blockchain Threat Model
    Leader in Cybersecurity Strategy, Innovation, and Economics
    Registration Level:
    • Conference Pass
    8:30 am - 9:15 am
    Location / Room: Wayne

    Blockchain technology is being touted as the Next Big Thing, seemingly capable of great feats of strength and perhaps even curing the common cold. But what exactly is it and how could it contribute to a security program? Perhaps more importantly, what are its inherent weaknesses? This session will delve into the technology, use cases, and threat model of distributed ledger technologies.

    9:00 am
    Exhibitor Hall open
    Registration Level:
    • Open Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

    9:30 am
    OPENING KEYNOTE: Meet Your New Board Member – Mr. Robot
    Director, Cyber Information Security Practices at ISACA and DoD Instructor
    Registration Level:
    • Open Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater

    Artificial Intelligence learns from previous situations to guide, and in some cases, automate data-informed decisions. In fact, AI and Decision Making was named as one of the Deep Shift Technology Tipping Points and Society Impact findings of the 2015 WEF Survey Report. The first AI machine on a corporate board of directors is expected in 2026.

    At the same time, ISACA Sr. Manager Frank Downs believes that many corporate boards would benefit from expanding their definition of and commitment to governing business technology opportunity and responsibility. In the spirit of better governance, does the board of the future need to make room for an AI machine? If the best corporate leaders choose to surround themselves with the smartest minds—individuals who bring expertise beyond their own—then what is the role of AI on corporate boards? In this strategic and entertaining session, Downs will share his views on AI and its potential for boards and governance.

    10:15 am
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    Information Security & Incident Response Team Lead, Wawa Inc.
    Registration Level:
    • VIP / Exclusive
    11:00 am - 12:00 pm
    Location / Room: Strafford

    This session is for Advisory Council Members only.

    11:15 am
    (ISC)2 Meet and Greet
    Open to All Attendees
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm

    Interested in your local associations? Join (ISC)2 for a social meet & greet and chapter news.

    11:15 am
    How to Build an Effective Security Awareness Program
    VP, Threat & Vulnerability Management Officer, The Bancorp
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Malvern
    11:15 am
    The Impact of the GDPR on Cross-Border Data Management and Cybersecurity
    Walking the Tightrope of Compliance and Business Efficiency
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP
    Registration Level:
    • Conference Pass
    11:15 am - 12:00 pm
    Location / Room: Villanova

    Principles of data privacy, technology, and cybersecurity converge when organizations exchange, transfer and process information. With the forthcoming European Union’s General Data Protection Regulation (GDPR), the intersection of data, technology, business and law is poised to become increasingly complex. And each of these complications will have a huge impact on a company’s operations, network infrastructure, and legal relationships with third-parties. This presentation will explore the impact of the GDPR on cross-border data management, its intersection with domestic data obligations and its effect on creating efficient and secure data management practices that meet the needs of the business.

    11:15 am
    [Radware] Cybersecurity Pushed to the Limit
    Security Evangelist, North America, Radware
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Wayne

    Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.

    Join the session to learn more about:
    • The threat landscape deep dive—the who, what and why of attacks
    • Potential impact on your business, including associated costs of different cyber-attacks
    • Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
    • Emerging threats and how to protect against them
    • A look ahead – predictions and what to prepare for

    11:15 am
    Trend Micro: Preparing Your Business for GDPR Compliance
    VP, Infrastructure Strategies, Trend Micro
    Registration Level:
    • Open Sessions
    11:15 am - 12:00 pm
    Location / Room: Haverford

    The EU General Data Protection Regulation will soon be in effect for all businesses with access to the personal data of EU citizens. Join William Malik as he explores the concept of privacy and how its evolution has been spurred by technological disruptions throughout modern history. Examine key highlights in the journey of GDPR preparation – including assessing organizational risks, tackling high-volume data sources, designing a remediation strategy and leveraging your successes to build your brand and reputation. Special attention must be paid to the implications of GDPR on blockchain deployments, as well.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    Manager, Information Security, Health Partners Plans
    Registration Level:
    • VIP / Exclusive
    12:00 pm - 1:00 pm
    Location / Room: Strafford

    This session is for Advisory Council Members only.

    12:15 pm
    LUNCH KEYNOTE: Successfully Innovating for the 21st Century: Now That We've Learned About Thinking Inside-the-Box, Can We Succeed at Thinking Outside-the-Box?
    Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute
    Registration Level:
    • Open Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater

    LTC Wong has given a number of talks introducing a systematic framework to distinguish between four different types of innovation: sustaining and incremental ones that tend to originate reactively, and breakthrough and revolutionary ones that have the greatest chances to proactively reshape the future. In this talk, he builds on his “inside-the-box” framework for increasing the odds of coming up with the next wave of successful innovations for winning in cyber warfare by getting us all to be better at thinking “outside-the-box.”

    1:15 pm
    Panel: Shifting Landscape of Attack Vectors
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Villanova

    If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
    Panelists:
    Ron Schlect, BTB Security
    Eric Bucher, Cequence
    Matthew Cilento, Securonix
    Hassanain Kapadia, Palo Alto Networks
    John Maloney, AccessIT Group
    Moderator: Frank Piscitello

    1:15 pm
    Panel: Access Control – The End of the Password?
    Registration Level:
    • Open Sessions
    1:15 pm - 2:15 pm
    Location / Room: Keynote Theater

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
    Panelists:
    Joeseph Walsh, DeSales
    George Makin, Federal Reserve
    Nancy Hunter
    George Makin
    Moderator: Bob McCosky

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    Registration Level:
    • Open Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    Registration Level:
    • Open Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Don’t Get Run Over by the DevOps Train
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Haverford

    The freight train of DevOps is speeding, and security folks are likely to be run over by it or left behind. In the world of automation through APIs and infrastructure as code, security is blindsided and trying to catch up. This session will provide some tips and tools for DevSecOps.

    3:00 pm
    Security Awareness: Reality vs Requirements
    Director of Cybersecurity / CISO, The Bancorp Bank
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    Security awareness training is a required piece of an Information Security Program. However, the requirements do not always translate to secure practices in the real world. This session is designed to show how to meet regulatory requirements and have a meaningful security awareness program.

    3:00 pm
    OSINT/Social Engineering – Weaponizing Psychology and Sociology for Better Phishing
    Partner, Information Security, DFDR Consulting
    Registration Level:
    • Conference Pass
    3:00 pm - 3:45 pm
    Location / Room: Villanova

    Identifying Social Engineering threats to an organization is a critical function of security. With SE being the #1 vector of attack for threats, managing risk and exposures through advanced analysis and threat modeling is critical. This session will outline advanced tactics, psychological profiling methods, tradecraft and open source investigation methods not previously explored which can be used to both attack and defend a company.

Exhibitors
  • AccessIT Group Partnering with Check Point
    Booth: 104

    AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.

    AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.

  • APM Systems Inc.
    Booth: 402

    APM Systems is one of the Philadelphia Region’s leading IT Security focused solution providers, for 16 years. Applying practical and effective IT security solutions, APM has helped secure businesses of all sizes from external and internal data security threats. The threat landscape in the past several years has changed in exceptional ways. At SecureWorld Philadelphia, APM presents Sonicwall Security Solutions that help us fight the cyberwar battles facing us on a daily basis. APM has nearly 20 years of experience working with Sonicwall technologies and enjoys bringing technology expertise to companies in Philadelphia and nationwide. Rapidly improve your security infrastructure and solve critical security challenges with Sonicwall and APM Systems.

  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • baramundi software USA, Inc.
    Booth: 316

    baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.

    The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.

    Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.

  • Barkly
    Booth: 308

    Barkly is advancing endpoint security with the strongest, smartest protection delivered with simplicity. The Barkly Endpoint Protection Platform provides multi-vector attack blocking for exploits, scripts, executables, ransomware, and more, and has visibility into all levels of the system, including the CPU. Barkly is formed by an elite team of security and SaaS experts from IBM, Cisco, and Intel, backed by investors NEA and Sigma Prime, and independently certified for anti-virus replacement, HIPAA, PCI DSS & NIST. Learn more by visiting us at www.barkly.com, or follow us on Twitter @BarklyProtects.

  • Bay Pay Forum
    Booth: TBD

    The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.

  • Bromium
    Booth: 106

    Bromium uses virtualization-based security to protect our customers. Our patented hardware-enforced containerization delivers application isolation and control stopping malware in its tracks. Unlike traditional security, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware.

  • Carbon Black
    Booth: 210

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud

    Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

  • CIOReview
    Booth: TBD

    CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.

  • Critical Design Associates, Inc.
    Booth: 106

    An Information Technology consulting firm dedicated to improving our customers’ business through the use of technology. We are committed to the needs of our clients. Through integrity, dedication, and teamwork we provide our customers the highest quality of service. Our success is only measured by the success of our clients.

  • Cylance
    Booth: 212

    Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.

  • Darktrace
    Booth: 304

    Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.

    The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.

  • Delta Risk
    Booth: 100

    Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.

  • DeSales University Cyber Security Program
    Booth: 110

    DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.

  • Digital Guardian
    Booth: 200

    Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • enSilo
    Booth: 300

    enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.

  • ExtraHop
    Booth: 114

    ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • GuidePoint Security LLC
    Booth: 200

    GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com

  • Gigamon
    Booth: 200

    Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com. 

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • Philadelphia InfraGard Members Alliance
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • iovation
    Booth: 208

    iovation protects online businesses and their end users against fraud and abuse, and identifies trustworthy customers through a combination of advanced device identification, shared device reputation, device-based authentication and real-time risk evaluation. More than 3,500 fraud managers representing global retail, financial services, insurance, social network, gaming and other companies leverage iovation’s database of billions of Internet devices and the relationships between them to determine the level of risk associated with online transactions. The company’s device reputation database is the world’s largest, used to protect 15 million transactions and stop an average of 300,000 fraudulent activities every day. The world’s foremost fraud experts share intelligence, cybercrime tips and online fraud prevention techniques in iovation’s Fraud Force Community, an exclusive virtual crime-fighting network.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • ISC2
    Booth: TBD

    ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Ixia, a Keysight Business
    Booth: 102

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • Netskope
    Booth: 200

    The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

  • Okta
    Booth: 200

    Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Palo Alto Networks
    Booth: 112

    Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

  • Radware
    Booth: 314

    Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.

  • Rapid7
    Booth: 218

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • SailPoint
    Booth: 108

    SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.

  • Securonix
    Booth: 322

    Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.

  • SentinelOne
    Booth: 312

    SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.

  • Skybox Security
    Booth: 200

    Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.

  • Splunk
    Booth: 200

    You see servers and devices, apps and logs, traffic and clouds. We see data—everywhere. Splunk® offers the leading platform for Operational Intelligence. It enables the curious to look closely at what others ignore—machine data—and find what others never see: insights that can help make your company more productive, profitable, competitive and secure. What can you do with Splunk?
    Just ask.

  • Sumo Logic
    Booth: 302

    Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.

  • Synopsys
    Booth: 216

    Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

  • Tanium
    Booth: 112

    Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).

    The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.

    For more information, visit: https://www.tanium.com.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

  • ThinAir
    Booth: 310

    ThinAir simplifies information visibility and security, and enables insider threat and information leak investigation in 90 seconds. ThinAir has built the world’s first insider detection and investigation platform that answers sophisticated questions about information creation, consumption, and communication, empowering security and IT professionals to have instant data-element level visibility in real time and historically. To learn more visit thinair.com and connect with us on Twitter @thinairlabs and LinkedIn.

  • Trend Micro
    Booth: 306

    Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.

  • Varonis Systems, Inc.
    Booth: 200

    Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.

  • WatchGuard
    Booth: 214

    WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.

  • Wombat Security Technologies
    Booth: 318

    Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.

  • Xton Technologies
    Booth: 322

    XTAM is privileged account management software that includes a Web-based password vault with password rotation, discovery, workflow-controlled access, high trust login, session and keystroke recording with instant playback, full audit trail, elevated script automation, alerting and extensive analytics. XTAM integrates with AD/LDAP, SIEM, multi-factor authentication providers and ticketing systems. XTAM is an agentless, scalable solution for on-premises, hybrid and cloud deployments. Download a free trial now at www.xtontech.com.

Keynote Speakers
Speakers
  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Health in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Roy Zur
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI

    Roy Zur is a cyber intelligence expert, an attorney, and the founder and CEO of Cybint Solutions, a cyber education company. Roy has over a decade of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.

  • John Kveragas
    Owner, TJM Professional Services, LLC

    John E. Kveragas, Jr., CPA, CISA, is a seasoned Internal Audit Executive with over 20 years’ experience in IT, operational, financial, and compliance auditing in multiple industries. John has extensive expertise with building effective internal audit functions, training and development, and managing regulatory exams with positive outcomes for financial institutions ranging from FinTech startups to Top 10 banks. He is the founder and owner of TJM Professional Services which is a cybersecurity consulting and training firm focused on small businesses. John is a frequent speaker for ISACA, The Institute of Internal Auditors, and SecureWorld on the topics of Internal Audit, Information Security, and Compliance.

  • Conor Gilsenan
    Editor in Chief, All Things Auth, Founder, Two Factor Buddy (2FB)

    Conor Gilsenan is a software engineer who has spent the past eight years focusing on security. He has worn many hats, including: programmer, architect, specification author, and UX contributor. He believes that UX is a critical and historically discounted component of any security solution, and is passionate about putting users first. He is the Editor in Chief at All Things Auth and the Founder of Two Factor Buddy (2FB).

  • Joan Antokol
    Partner, Park Legal LLC

    Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.

  • Michael Hoehl
    Security Leader, Independent Consultant

    Security Leader with experience in Health, Manufacturing, Financial Services, and Retail Industries.

  • Devon Bryan
    Executive Vice President and System CISO, Federal Reserve System

    Devon Bryan is Executive Vice President and Chief Information Security Officer (CISO) for the Federal Reserve System. As CISO, Devon oversees information security, including incident response, for the enterprise, ensuring information security architecture, standards, policies, and programs remain effective and efficient. Devon was appointed System CISO in February 2016.

    Devon came to the Federal Reserve from Fortune 500 payroll and human resources provider ADP, where he served as Global CISO. Devon led ADP’s information security strategy, collaborating across the company’s geographically dispersed business operations to ensure coordination, consensus, and effective execution across global operations. Prior to joining ADP in 2011, he served as the Deputy CISO for the Internal Revenue Service (IRS) after directing the IRS’s FISMA-compliant information security program and leading the IRS’s incident response team.

    His information security career began in the U.S. Air Force, where he served as a Captain and lead engineer working on systems and programs to protect the critical network and communications tools of the Air Force’s Air Combat Command.

    Devon is Co-Founder and immediate past president of ICMCP (International Consortium of Minority Cybersecurity Professionals), which he launched in an attempt to bridge the "great minority cyber divide" by providing academic scholarships, innovative outreach, mentoring, and networking programs targeting minority cybersecurity professionals worldwide and by promoting academic and technical excellence in our tradecraft.

    Devon received a Bachelor of Science, Applied Mathematics from South Dakota Technological University and a Master of Science, Computer Science from Colorado Technological University, graduating Summa Cum Laude. He holds multiple certifications: CISSP, CIPP/US, CIPP/EU, and CISA. He participates in several industry forums, and is a sought-after speaker and writer on emerging cybersecurity trends and issues.

  • Louise O’Donnell
    Sr. Information Technology Manager, TD Ameritrade

  • Jonathan Lange
    Executive Manager, baramundi software USA, Inc.

    Jonathan Lange is sales manager for baramundi software USA, Inc. in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient.

  • Rebecca Rakoski
    Co-Founder & Managing Partner, XPAN Law Partners

    Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.

    Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.

    Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
    As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section.

    Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.

    Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.

  • Robert McKosky
    Asst. Professor, Drexel University

    Dr. Robert McKosky served as the Director of Information Security at MBNA America and was the Technical Program Director for the Network Infrastructure Laboratory at GTE. He has organized and participated in various simulated attacks (Tiger Teams) to identify weaknesses in security systems. Mac has consulted to the CTIA, NSA, Secret Service, FBI, CIA, Scotland Yard, the Royal Canadian Mounted Police, and various state and local law enforcement organizations. Mac is a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information System Security Professional (CISSP) and was one of the authors of the original certification exam.

  • Chris Thielet
    Account Executive, Wombat Security

    Chris has over 15 years' experience in training program development. For over two years at Wombat he has worked with security professionals in over 22 countries to plan, develop, and implement successful cybersecurity education programs. These programs have focused on phishing simulations, training methodologies, and engaging end users to reduce risk.

  • Demetrios 'Laz' Lazarikos
    Former CISO of vArmour, Sears, and Silver Tail Systems, Founder and IT Security Strategist, Blue Lava Consulting

    Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the Founder and IT Security Strategist for Blue Lava Consulting.

    Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs for financial services, retail, hospitality, and transportation verticals. Some of his past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA.

    Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management. He holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.

  • Lena Licata
    Director, EisnerAmper LLP

    Lena Licata is a Director in the Consulting Services Group at EisnerAmper LLP, with over 10 years of experience including public accounting and private industry. She assists clients primarily in financial services, providing a host of IT audit and risk services including identity and access management remediation, vendor risk and internal audit engagements.

  • Blake Collins
    Director of Clinical Engineering, Christiana Health Care System

    Blake Collins has been in the Health Technology field for over 27 years and the health care industry for over 34 years. He retired from the United States Navy after 21 years in 2004. He received his basic and advanced BMET training in Aurora, Co. at the United States Army Medical Equipment and Optical School. After retirement, he became a Regional Director for a large health system in Knoxville, TN before joining TriMedx in 2006 as a Regional Director of Service operations. In 2012 he joined Christiana Care in Newark, Delaware, as the Director of Clinical Engineering.

    Blake received his BSOE in Biomedical Technology from Wayland Baptist University, has an MBA, and is a certified BMET, Healthcare Technology Manager and Fellow at the Advisory Board Company.

  • Akshay Finney
    Associate, Meditology Services

    Akshay Finney is an IT Risk Management Associate who specializes in Security risk assessments and Medical Device Security. As an Associate, he works closely with the Risk Management Team to assess and identify the client’s risks, and guide them in mitigating the identified risks. He also specializes in security and network operations to provide actionable intelligence to clients. He has developed and helped execute strategic security programs for various clients. He has experience with various regulatory frameworks such as HIPAA, HITRUST and SOC-2. He is a Master’s graduate in Cybersecurity and is a security researcher on cyber physical systems and Internet of Things.

  • Cheryl Carmel, Moderator
    Owner, Carmel Consulting LLC

    Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.

    Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to successfully implement security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).

  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • speaker photo
    Roy Zur
    Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI

    Roy Zur is a cyber intelligence expert, an attorney, and the founder and CEO of Cybint Solutions, a cyber education company. Roy has over a decade of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.

  • speaker photo
    Happy Hour
  • speaker photo
    Larry Wilson, CISSP, CISA, Instructor
    Manager, Cyber and Information Security, Point32Health

    Larry Wilson is an Information Security Manager at Point32Healt in Canton, MA. He was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.

  • speaker photo
    Gene Kingsley
    Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance

    Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.

  • Alejandro Languren
    Information Security Officer, DLL Group

    Alejandro is a cybersecurity professional experienced in Information Security, IT Infrastructure, and Software Development, with working experience in multinational organizations covering positions in the United States and Latin America. He currently works in a world-class financial organization, in continuous collaboration with diverse and multicultural teams worldwide. He holds a bachelor’s degree in Communications and Electronics and a master’s degree in Computer Sciences from Mexico’s National Polytechnic Institute, as well as CISSP, CISSM, CISA, CRISC, CEH and CSM certifications.

  • Tom Plummer
    Cybersecurity Fellow, Lockheed Martin

    Tom is a Cybersecurity Fellow who provides architecture guidance across products and programs. He holds a BS in Computer Engineering and is a CISSP.

  • Pete Lindstrom, Instructor
    Leader in Cybersecurity Strategy, Innovation, and Economics

    Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.

  • Frank Downs
    Director, Cyber Information Security Practices at ISACA and DoD Instructor

    Downs, an 11-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, Frank proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, he decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. He is now Senior Manager, Cyber Information Security Practices at ISACA, sharing the good news about ISACA’s Cybersecurity Nexus (CSX) platform.

  • David Ruess
    Information Security & Incident Response Team Lead, Wawa Inc.
  • Peter Iancic
    VP, Threat & Vulnerability Management Officer, The Bancorp

    Peter has over 10 years of experience in cybersecurity, working for financial industry companies such as JP Morgan Chase and The Bancorp. He holds multiple certifications, including CISSP, CEH, and CHFI.

  • Jordan Fischer, Instructor
    Cyber Attorney, Partner, Constangy, Brooks, Smith & Prophete, LLP

    Jordan Fischer represents clients in cross-border data management, creating cost-effective and business-oriented approaches to cybersecurity, data privacy, and technology compliance. Recognized as a Super Lawyers Rising Star – Technology Law, Jordan practices in many jurisdictions throughout the United States in both state and federal courts, as well as internationally in both Europe and Asia.

    Jordan has counseled clients on a wide variety of regulatory requirements, including the General Data Protection Regulation (GDPR), and implementing member state law, the California Consumer Privacy Act (CCPA), the Fair Credit Reporting Act, the Driver's Privacy Protection Act, biometric data laws, global data breach standards, and federal and state unfair business practices acts. She also provides counsel on a variety of security and privacy frameworks, including the International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST) cyber and privacy frameworks, and the Payment Credit Card Industry Data Security Standard (PCI DSS).

    Jordan has extensive experience in the intersection of law and technology, regularly evaluating and assessing legal and business opportunities and risk to provide public and private sector clients with critical data privacy and cybersecurity assessments and strategy. With a global perspective, Jordan represents clients regarding contractual negotiations related to technology, data management, security, and privacy, and helps to build out compliance programs to address a multitude of regulatory requirements and best practices. She also provides insight into third-party management, working with clients to build solutions to ensure security and privacy are accounted for in the supply chain. Jordan has represented clients in a variety of sectors, including emerging technologies (blockchain, Internet of Things/IoT, and Artificial Intelligence/AI), pharmaceutical, healthcare, agriculture, adtech, and manufacturing. Jordan works with clients to develop business solutions that incorporate privacy-by-design and security-by-design concepts, merging regulatory requirements with real-world practical solutions.

  • Ron Winward
    Security Evangelist, North America, Radware

    As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
    Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
    Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
    Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
    Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.

  • William J. Malik, CISA
    VP, Infrastructure Strategies, Trend Micro

    William Malik helps clients structure their IT environments to minimize the loss, alteration, or inadvertent exposure of sensitive information. His information technology career spans over four decades. Prior to Trend Micro, he worked at Gartner for twelve years, where he led the information security strategies service and the application integration and middleware strategies service. Before Gartner, William was CTO of Waveset, an identity management vendor. He also co-authored the COBIT version 3 standard. In addition, he spent 12 years at IBM, where he worked in MVS development, testing, and business planning. William is a Certified Information Systems Auditor (CISA).

  • Daniel Reither
    Manager, Information Security, Health Partners Plans
  • Lieutenant Colonel Ernest Wong
    Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute

    Ernest Wong is a Research Scientist at the Army Cyber Institute and a United States Military Academy Assistant Professor of Systems Engineering.

  • Vana Khurana
    Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley

    Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.

  • Tony Meholic
    Director of Cybersecurity / CISO, The Bancorp Bank

    Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.

  • Ken Pyle
    Partner, Information Security, DFDR Consulting

    Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, SonicWall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.

Conference Microsite!
Registration is quick and easy. Once you get started, use a browser on your phone or tablet to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
15th Annual Conference

Don't miss out! Join your InfoSec peers for high-quality, affordable training and networking. Sign up today.