Wednesday, March 28, 2018
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
Advisory Council Breakfast Roundtable – (VIP / INVITE ONLY)
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: VIP / Exclusive
8:00 am - 9:15 am
Location / Room: Strafford
This session is for Advisory Council members only.
8:00 am
[SecureWorld PLUS] Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
Earn 16 CPEs With This in-Depth 3-Part Course
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Berwyn
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:00 am
SecureWorld PLUS Part 1 - Cloud Security - Securing Your Organization's Digital Transformation
Earn 16 CPEs With This in-Depth 3-Part Course
Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Devon
This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.
8:00 am
SecureWorld PLUS Part 1 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
Earn 16 CPEs With This in-Depth 3-Part Course
Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Ardmore
This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.
8:30 am
Crime in a Box – Revisited
How technology changed the landscape of cyber crime and predicting future attack vectors
Owner, TJM Professional Services, LLC
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Villanova
Twenty years ago I read an article titled “Crime in a Box.” It was a futuristic vision of how cyber crime could evolve to be the perfect crime. This session will compare and contrast the scenario described in that article to the data breach, spear-phishing, and ransomware attacks that have become our reality in the 21st century.
8:30 am
Featured Session: Effective 2FA – Part 1: The Technical Stuff
Editor in Chief, All Things Auth, Founder, Two Factor Buddy (2FB)
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Malvern
Two-factor authentication (2FA) is the most straightforward way for companies to drastically improve the security of their user authentication process. However, not all 2FA implementations are created equal. Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. We will dive into the technical details of the most common 2FA implementations and highlight security and usability trade-offs. You will leave equipped to develop a 2FA implementation strategy that will best serve your users.
8:30 am
E.U.-U.S. Privacy Shield: Benefits, Challenges, and Impact of the GDPR
Partner, Park Legal LLC
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Wayne
The E.U.-U.S. Privacy Shield framework, which replaces the invalidated Safe Harbor framework, has been available to organizations since August 2016. Learn how the Privacy Shield can help your organization comply with the strict E.U. cross-border data transfer requirements for transfers to the U.S., as well as the challenges and questions about compliance with that framework that have come about as a result of the E.U. General Data Protection Regulation.
8:30 am
Agile Patching
A new approach to security updates and patching following Agile and NIST methodology
Security Leader, Independent Consultant
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Haverford
Patch Management is one of the biggest security and compliance challenges for organizations to sustain. History reveals that many of the large data breaches were successful because of a missing critical security update. Further, the frequency and scope of patching continues to grow with WannaCry, Spectre, and Meltdown. This presentation offers a new approach to patching blending Agile and NIST methodologies.
9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am
OPENING KEYNOTE: First, Know Thyself - A Cybersecurity Message from the Federal Reserve
The Applicability of This Ancient Proverb in Battling Tomorrow’s Cyber Threats
Global CISO, Carnival Corporation
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Advisory Council Roundtable (VIP / Invite Only)
Sr. Information Technology Manager, TD Ameritrade
Registration Level: VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: Strafford
This session is for Advisory Council Members only.
11:15 am
baramundi — Innovative Endpoint Management: A Holistic Approach to Vulnerability Management, Patching, OS Upgrades, and Software Distribution
Executive Manager, baramundi software USA, Inc.
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Wayne
Windows Fall Anniversary Update, Office 365 Migration, Vulnerability and Patch Management: Are any of these three topics causing your blood pressure to rise? This session will show you how you can automate OS migrations, software deployment projects, and effective security exploit management all from one easy to use Endpoint Management Suite. No university degree or nerd glasses required—buckle up!
11:15 am
Vetting Your Vendors
Understanding the “Chain of Control” of Data, Security Pitfalls in Third-Party Contracts and Service Agreements
Co-Founder & Managing Partner, XPAN Law Partners
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Haverford
One of the most important considerations in cybersecurity does not involve your own direct network security; it involves your partners and vendors. In the world of cybersecurity, you are only as strong as the weakest link in your vendor chain. The ease, convenience and cost effectiveness of outsourcing certain business functions frequently overshadows the potential pitfalls lurking in using outside third-parties and vendors. This presentation will discuss the steps your organization needs to take to ensure that any partners or vendors with access to your network systems or company data are meeting (at least) a minimum level of security requirements.
11:15 am
Limitations For Computers Controlling/Tabulating Voting
Can we trust our election results in the future?
Asst. Professor, Drexel University
Registration Level: Conference Pass
11:15 am - 12:00 pm
Location / Room: Villanova
It is well understood and documented that the Russians influenced the 2016 voting results in the presidential elections via social media. However, what are the risks associated with the computers and automation during elections? This presentation will review technology risks with voting. Is there anything that can be done to address these risks?
11:15 am
Wombat: State of the Phish 2018 – What Your Peers Are Doing to Reduce Successful Phishing Attacks
Account Executive, Wombat Security
Registration Level: Open Sessions
11:15 am - 12:00 pm
Location / Room: Malvern
Join Wombat Security Technologies’ Chief Architect, Kurt Wescoe, as he discusses key findings from the 2018 State of the Phish™ Report. In this session you will gain insight into current vulnerabilities, industry-specific phishing metrics, and emerging threats. This collection of data is taken from tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period, responses from quarterly surveys, and an international survey of working adults who were queried about social engineering threats and their cybersecurity behaviors.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Sr. Information Technology Manager, TD Ameritrade
Registration Level: VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: Strafford
This session is for Advisory Council Members only.
12:15 pm
LUNCH KEYNOTE: Building and Nurturing Your Modern Cybersecurity Risk Programs
Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting
Registration Level: Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
In this presentation, Demetrios Lazarikos (Laz) will explore topics that are top of mind for Fortune 1000 Executives, Board of Directors, and practitioners that have direct involvement in building and assessing modern cybersecurity strategies and programs. Additionally, Laz will provide real world examples and best practices to effectively create, support, and evaluate the lifecycle of cybersecurity programs—a pragmatic session that is not to be missed.
1:15 pm
Panel: Building a Better Mouse Trap (Emerging Threats)
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.
Panelists:
Scott Register, Ixia
John McClurg, Cylance
Mike Rogers, Symantec
Tim Miller, Trend Micro
Moderator: Dan Reither
1:15 pm
Panel: Cloudy With a Chance of Breach
Registration Level: Open Sessions
1:15 pm - 2:15 pm
Location / Room: Villanova
Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster-proof option for companies to store their data offsite with access to that data from practically anywhere. So, whose fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons of migrating to the cloud.
Panelists:
John DiLullo, Lastline
Gus Coronel, Check Point
Pete Molett, AccessIT Group
Dwayne Wenger, Big Switch
Mike Piscopo, Delta Risk
Moderator: Anahi Santiago
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
3:00 pm
Governance and the Dreaded D Word… Documentation
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Haverford
We’re all caught up in the day-to-day and putting out fires, so who has time for documentation? However, one of the fundamental building blocks to a cybersecurity program is good documentation. Having the proactive thought to document policy, standards, and processes can increase consistency and effectiveness and help guide in times of panic. This discussion will go over key points of proper documentation, when and why, and leave you with key tools to get started.
3:00 pm
Security Breach Notification and Enforcement: A Challenging Landscape Becomes Even More Challenging
Partner, Park Legal LLC
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Wayne
As of May 25, 2018, as part of the EU General Data Protection Regulation (GDPR), all EU member states will require breach notification to the relevant supervisory authority (or authorities) within 72 hours. At the same time, the US breach notification laws are being updated to require notification in additional situations, and many new countries around the world are adopting notification laws. Given the short time frames for notification, the varying requirements for notifying individuals as well as a whole host of regulators, the likelihood of adverse media attention, and the potential for lawsuits, well-meaning organizations sometimes create additional risks for themselves when a breach occurs, based upon their lack of preparation, knowledge and training in this area. This presentation will discuss the GDPR breach notification requirements including the expectations of the European Commission and member states, as well as the growing assortment of other notification obligations across the US and world, and will include tips and recommendations for minimizing your organization’s risk.
3:00 pm
Tackling Medical Device Security
Preventing Connected Devices From Becoming Your Weakest Security Link
Director of Clinical Engineering, Christiana Health Care System
Associate, Meditology Services
Registration Level: Conference Pass
3:00 pm - 3:45 pm
Location / Room: Malvern
The high-profile breach events and ransomware outbreaks of 2017 have brought much needed attention to the cybersecurity of connected medical devices. Cyber criminals and hackers often take advantage of easily exploited vulnerabilities within these medical devices to gain unauthorized access to patient data and clinical networks. This session will cover the following topics:
• Discussion on why medical devices and equipment are especially vulnerable to cyber attacks
• Explanation on how insecure medical devices can impact patient safety and lead to large-scale data breach events
• Specific strategic and innovative steps that leading organizations can take to protect against the security issues introduced by medical devices
3:00 pm
GDPR and the SMB World
Controlled concern is more productive than pure panic.
Owner, Carmel Consulting LLC
Registration Level: Open Sessions
3:00 pm - 3:45 pm
Location / Room: Villanova
The European Union’s General Data Protection Regulation (GDPR) will go into effect on May 25, 2018. Think GDPR doesn’t apply to your organization? Think again. There are very few businesses that the GDPR will not apply to. The scope is expansive and affects businesses regardless of where they are globally located. If any part of your business touches a person in the EU – be ready! Just like the Y2K era, companies small and large have a lot of work to do in preparation. For businesses that already have a strong security and privacy program, there may be changes required to achieve full compliance. Unfortunately, SMBs are finding that there is a lot more work to do before the deadline arrives. In this session, we will cover this topic and explain how the harmonizing of privacy laws will impact your business.
3:00 pm
[SecureWorld PLUS] Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Berwyn
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
3:00 pm
SecureWorld PLUS Part 2 - Cloud Security - Securing Your Organization's Digital Transformation
SecureWorld PLUS Registrants ONLY
Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Devon
This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.
3:00 pm
SecureWorld PLUS Part 2 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
SecureWorld PLUS Registrants ONLY
Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
Registration Level: SecureWorld Plus
3:00 pm - 4:30 pm
Location / Room: Ardmore
This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.
3:30 pm
GuidePoint Reception
Join us for complimentary drinks and appetizers inside the venue
Registration Level: Open Sessions
3:30 pm - 5:00 pm
Location / Room: Prefunction Grand Ballroom
Join GuidePoint and partners for a social hour after Day 1. Come discuss the day’s events, network with security peers, and enjoy beverages and hors d’oeuvres. Compliments of GuidePoint and partners.
Valley Tavern Inn, Radisson Hotel (Inside the venue)
March 18th • 4 – 7 p.m.
Thursday, March 29, 2018
7:00 am
Registration open
Registration Level: Open Sessions
7:00 am - 3:00 pm
Location / Room: Registration Desk
Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.
8:00 am
[SecureWorld PLUS] Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
SecureWorld PLUS Registrants ONLY
Sr. Cybersecurity Consultant, Wilson Cyber
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Berwyn
The University of Massachusetts has developed a 6-hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations that currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.
This innovative education and training program includes the following key elements:
- An introduction to the key components of the NIST Cybersecurity Framework
- How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
- An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
- How to use the framework to protect critical information assets
- A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program, and a Business / Management Program
- A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report
The class will help individuals and organizations acquire knowledge, skills and abilities to:
- Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
- Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
- Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
- Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
- Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
- Identify required workforce skills and develop career pathways for improving skills and experience
About the Instructor – Larry Wilson:
- Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
- Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
- Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
- Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework
The program and its author have won the following industry awards:
- Security Magazine’s Most Influential People in Security, 2016
- SANS People Who Made a Difference in Cybersecurity Award, 2013
- Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
8:00 am
SecureWorld PLUS Part 3 - Cloud Security - Securing Your Organization's Digital Transformation
SecureWorld PLUS Registrants ONLY
Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Devon
This course will provide a healthy introduction to modern aspects of cloud computing security. The attendee will learn how to assess and protect their organization’s data in the cloud. Topics include IoT, providers, tools, and processes to help avoid a rainy day.
8:00 am
SecureWorld PLUS Part 3 - Cyber Crimes, Threat Intelligence, and the Dark Web – Hands-On Workshop
SecureWorld PLUS Registrants ONLY
Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
Registration Level: SecureWorld Plus
8:00 am - 9:30 am
Location / Room: Ardmore
This practical workshop will reveal the secrets of the dark web and cybercriminals. Attendees will acquire knowledge, skills and tools to search the dark web and analyze cyber threat intelligence. Additionally, attendees will explore how to leverage cyber intelligence on the web to proactively approach complex processes such as due diligence and litigation.
8:30 am
Up Close and Personal Cryptography
Information Security Officer, DLL Group
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Haverford
We trust cryptography but do we really know it? In most of today’s operations we rely on cryptography to ensure confidentiality, but sometimes we blindly trust the tools and processes that use it, even if they don’t differentiate strong from weak cryptographic methods. Cryptography in general is a well-established solution, but as always, the devil is in the details. Knowing at a deeper level how cryptography works has become an important topic and something that cybersecurity professionals must pay attention to.
8:30 am
Threat Analysis Using Cyber Table Tops
Cybersecurity Fellow, Lockheed Martin
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Villanova
As we move towards securing our systems using tools and checklists, we need to step back and look at the holistic picture. The Cyber Table Top process brings in all stakeholders and looks at all aspects of security from traditional computers and networks, to human intelligence, to maintenance, to supply chain. Unless you have the complete picture, you can’t develop a comprehensive security plan.
8:30 am
The Blockchain Threat Model
Leader in Cybersecurity Strategy, Innovation, and Economics
Registration Level: Conference Pass
8:30 am - 9:15 am
Location / Room: Wayne
Blockchain technology is being touted as the Next Big Thing, seemingly capable of great feats of strength and perhaps even curing the common cold. But what exactly is it and how could it contribute to a security program? Perhaps more importantly, what are its inherent weaknesses? This session will delve into the technology, use cases, and threat model of distributed ledger technologies.
9:00 am
Exhibitor Hall open
Registration Level: Open Sessions
9:00 am - 3:00 pm
Location / Room: Exhibitor Floor
Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.
9:30 am
OPENING KEYNOTE: Meet Your New Board Member – Mr. Robot
Director, Cyber Information Security Practices at ISACA and DoD Instructor
Registration Level: Open Sessions
9:30 am - 10:15 am
Location / Room: Keynote Theater
Artificial Intelligence learns from previous situations to guide, and in some cases, automate data-informed decisions. In fact, AI and Decision Making was named as one of the Deep Shift Technology Tipping Points and Society Impact findings of the 2015 WEF Survey Report. The first AI machine on a corporate board of directors is expected in 2026.
At the same time, ISACA Sr. Manager Frank Downs believes that many corporate boards would benefit from expanding their definition of and commitment to governing business technology opportunity and responsibility. In the spirit of better governance, does the board of the future need to make room for an AI machine? If the best corporate leaders choose to surround themselves with the smartest minds—individuals who bring expertise beyond their own—then what is the role of AI on corporate boards? In this strategic and entertaining session, Downs will share his views on AI and its potential for boards and governance.
10:15 am
Conference Break / Exhibitor Product Demonstration
Registration Level: Open Sessions
10:15 am - 11:15 am
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
11:00 am
Advisory Council Roundtable (VIP / Invite Only)
Information Security & Incident Response Team Lead, Wawa Inc.
Registration Level: VIP / Exclusive
11:00 am - 12:00 pm
Location / Room: Strafford
This session is for Advisory Council Members only.
11:15 am(ISC)2 Meet and GreetOpen to All AttendeesRegistration Level:- Open Sessions
11:15 am - 12:00 pmInterested in your local associations? Join (ISC)2 for a social meet & greet and chapter news.
11:15 am
How to Build an Effective Security Awareness Program
VP, Threat & Vulnerability Management Officer, The Bancorp
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: Malvern
11:15 am
The Impact of the GDPR on Cross-Border Data Management and Cybersecurity
Walking the Tightrope of Compliance and Business Efficiency
Founding Partner & Owner, Fischer Law, LLC
Registration Level:
- Conference Pass
11:15 am - 12:00 pm
Location / Room: Villanova
Principles of data privacy, technology, and cybersecurity converge when organizations exchange, transfer and process information. With the forthcoming European Union’s General Data Protection Regulation (GDPR), the intersection of data, technology, business and law is poised to become increasingly complex. And each of these complications will have a huge impact on a company’s operations, network infrastructure, and legal relationships with third-parties. This presentation will explore the impact of the GDPR on cross-border data management, its intersection with domestic data obligations and its effect on creating efficient and secure data management practices that meet the needs of the business.
11:15 am
[Radware] Cybersecurity Pushed to the Limit
Security Evangelist, North America, Radware
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: Wayne
Throughout 2018 mainstream headlines highlighted cyber-attacks and security threats that included possible interference in the U.S. presidential election, worldwide malware outbreaks and the Equifax data breach. These and other high-profile events spurred greater cyber-defense investment by everyone from nation states and global corporations to individuals purchasing anti-malware solutions for personal devices. Yet even as investments increase so do threats, hacks and vulnerabilities. This session will help you understand these complex and challenging dynamics. Based on findings from Radware’s research and a global industry survey, the session will show real attack data and customer stories to paint a picture of where we are and what security professionals can do.
Join the session to learn more about:
• The threat landscape deep dive—the who, what and why of attacks
• Potential impact on your business, including associated costs of different cyber-attacks
• Critical attacks in the midst: DNS, IoT and risks lurking in the cloud
• Emerging threats and how to protect against them
• A look ahead – predictions and what to prepare for
11:15 am
Trend Micro: Preparing Your Business for GDPR Compliance
VP, Infrastructure Strategies, Trend Micro
Registration Level:
- Open Sessions
11:15 am - 12:00 pm
Location / Room: Haverford
The EU General Data Protection Regulation will soon be in effect for all businesses with access to the personal data of EU citizens. Join William Malik as he explores the concept of privacy and how its evolution has been spurred by technological disruptions throughout modern history. Examine key highlights in the journey of GDPR preparation – including assessing organizational risks, tackling high-volume data sources, designing a remediation strategy and leveraging your successes to build your brand and reputation. Special attention must be paid to the implications of GDPR on blockchain deployments, as well.
12:00 pm
Advisory Council Lunch Roundtable – (VIP / Invite Only)
Manager, Information Security, Health Partners Plans
Registration Level:
- VIP / Exclusive
12:00 pm - 1:00 pm
Location / Room: Strafford
This session is for Advisory Council Members only.
12:15 pm
LUNCH KEYNOTE: Successfully Innovating for the 21st Century: Now That We've Learned About Thinking Inside-the-Box, Can We Succeed at Thinking Outside-the-Box?
Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute
Registration Level:
- Open Sessions
12:15 pm - 1:00 pm
Location / Room: Keynote Theater
LTC Wong has given a number of talks introducing a systematic framework to distinguish between four different types of innovation: sustaining and incremental ones that tend to originate reactively, and breakthrough and revolutionary ones that have the greatest chances to proactively reshape the future. In this talk, he builds on his “inside-the-box” framework for increasing the odds of coming up with the next wave of successful innovations for winning in cyber warfare by getting us all to be better at thinking “outside-the-box.”
1:15 pm
Panel: Shifting Landscape of Attack Vectors
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: Villanova
If one thing holds true in cybersecurity it is the fact that our adversaries are pretty smart. They are. To be fair, they only have to be right once in a while. These cyber thugs are constantly shifting their attack vectors to better infiltrate our networks. There are so many endpoints to cover that the “bad guys” can try something new all the time. They have also discovered that we do not have great cyber hygiene when it comes to training our workforce. End users continue to be the “weakest link” within an organization as we’ve learned from all the ransomware attacks and business email compromises of late. This panel will talk about the shift in attack vectors and make some predictions about what to watch out for in the not too distant future.
Panelists:
Ron Schlect, BTB Security
Eric Bucher, Cequence
Matthew Cilento, Securonix
Hassanain Kapadia, Palo Alto Networks
John Maloney, AccessIT Group
Moderator: Frank Piscitello
1:15 pm
Panel: Access Control – The End of the Password?
Registration Level:
- Open Sessions
1:15 pm - 2:15 pm
Location / Room: Keynote Theater
“Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with so many ways of getting our information, the password is going the way of the dodo. Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.
Panelists:
Joeseph Walsh, DeSales
George Makin, Federal Reserve
Nancy Hunter
George Makin
Moderator: Bob McCosky
2:15 pm
Conference Break / Exhibitor Product Demonstration
Registration Level:
- Open Sessions
2:15 pm - 3:00 pm
Location / Room: Exhibitor Floor
Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.
2:30 pm
Dash for Prizes & CyberHunt
Registration Level:
- Open Sessions
2:30 pm - 2:45 pm
Location / Room: Exhibitor Floor
Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win
3:00 pm
Don’t Get Run Over by the DevOps Train
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: Haverford
The freight train of DevOps is speeding, and security folks are likely to be run over by it or left behind. In the world of automation through APIs and infrastructure as code, security is blindsided and trying to catch up. This session will provide some tips and tools for DevSecOps.
3:00 pm
Security Awareness: Reality vs Requirements
Director of Cybersecurity / CISO, The Bancorp Bank
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: Wayne
Security awareness training is a required piece of an Information Security Program. However, the requirements do not always translate to secure practices in the real world. This session is designed to show how to meet regulatory requirements and have a meaningful security awareness program.
3:00 pm
OSINT/Social Engineering – Weaponizing Psychology and Sociology for Better Phishing
Partner, Information Security, DFDR Consulting
Registration Level:
- Conference Pass
3:00 pm - 3:45 pm
Location / Room: Villanova
Identifying Social Engineering threats to an organization is a critical function of security. With SE being the #1 vector of attack for threats, managing risk and exposures through advanced analysis and threat modeling is critical. This session will outline advanced tactics, psychological profiling methods, tradecraft and open source investigation methods not previously explored which can be used to both attack and defend a company.
- AccessIT Group + Check Point
Booth: 104
AccessIT Group is your partner in cybersecurity. Our talented team of security experts deliver customized solutions designed to protect your systems and information from increasing security threats. From design and implementation to cybersecurity compliance and training, we provide a single point of contact for all your security needs.
AccessIT Group seeks to differentiate itself by offering a higher level of expertise from engineers and sales staff, all of whose knowledge was derived from real life enterprise deployments. These values have helped AccessIT Group grow to become the first-choice cyber security provider in our region. Today, AccessIT Group maintains sales and service offices in King of Prussia, PA, Mountain Lakes, NJ, New York, NY, Columbia, MD, and Boston, MA.
- APM Systems Inc.
Booth: 402
APM Systems is one of the Philadelphia Region’s leading IT Security focused solution providers, for 16 years. Applying practical and effective IT security solutions, APM has helped secure businesses of all sizes from external and internal data security threats. The threat landscape in the past several years has changed in exceptional ways. At SecureWorld Philadelphia, APM presents Sonicwall Security Solutions that help us fight the cyberwar battles facing us on a daily basis. APM has nearly 20 years of experience working with Sonicwall technologies and enjoys bringing technology expertise to companies in Philadelphia and nationwide. Rapidly improve your security infrastructure and solve critical security challenges with Sonicwall and APM Systems.
- ASIS
Booth: TBD
ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org
- baramundi software USA, Inc.
Booth: 316
baramundi Software provides companies and organizations with efficient, secure, and cross-platform management of workstation environments.
The baramundi Management Suite (bMS) combines all important features for Endpoint Management: Patch Management, Software Deployment, OS-Installation, Enterprise Mobility Management, Vulnerability Assessment, and more. bMS optimizes IT management processes by automating routine tasks and providing an extensive overview of the status of the network and endpoints. In doing so, it relieves pressure on IT administrators and ensures that users always have the necessary rights and applications on all platforms and form factors; whether on PCs, servers, notebooks, mobile devices or Macs.
Over 3,000 customers around the world benefit from nearly two decades of experience and the easy-to-use software solution.
- Barkly
Booth: 308
Barkly is advancing endpoint security with the strongest, smartest protection delivered with simplicity. The Barkly Endpoint Protection Platform provides multi-vector attack blocking for exploits, scripts, executables, ransomware, and more, and has visibility into all levels of the system, including the CPU. Barkly is formed by an elite team of security and SaaS experts from IBM, Cisco, and Intel, backed by investors NEA and Sigma Prime, and independently certified for anti-virus replacement, HIPAA, PCI DSS & NIST. Learn more by visiting us at www.barkly.com, or follow us on Twitter @BarklyProtects.
- Bay Pay Forum
Booth: TBD
The BayPay Forum, a Silicon Valley-based international network composed of over 14,000 payment and commerce executives, entrepreneurs and investors from thousands of different companies, serves as a forum to connect members in identifying and understanding the emerging trends and innovations in the industry.
- Bromium
Booth: 106
Bromium uses virtualization-based security to protect our customers. Our patented hardware-enforced containerization delivers application isolation and control stopping malware in its tracks. Unlike traditional security, Bromium automatically isolates threats and adapts to new attacks using behavioral analysis and instantly shares threat intelligence to eliminate the impact of malware.
- Carbon Black
Booth: 210
Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud
Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.
- CIOReview
Booth: TBD
CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solutions providers, upcoming hot enterprises and is a neutral source for technology decision makers. Published from Fremont, California, CIOReview is an excellent platform for the enterprise to showcase their innovative solutions.
- Critical Design Associates, Inc.
Booth: 106
An Information Technology consulting firm dedicated to improving our customers’ business through the use of technology. We are committed to the needs of our clients. Through integrity, dedication, and teamwork we provide our customers the highest quality of service. Our success is only measured by the success of our clients.
- Cylance
Booth: 212
Cylance® is revolutionizing cybersecurity with products and services that proactively prevent, rather than reactively detect the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide including Fortune 100 organizations and government institutions.
- Darktrace
Booth: 304
Darktrace is the world’s leading cyber AI company and the creator of Autonomous Response technology. Its self-learning AI is modeled on the human immune system and used by over 3,500 organizations to protect against threats to the cloud, email, IoT, networks, and industrial systems.
The company has over 1,200 employees and headquarters in San Francisco and Cambridge, UK. Every 3 seconds, Darktrace AI fights back against a cyber-threat, preventing it from causing damage.
- Delta Risk
Booth: 100
Delta Risk is breaking the mold for managed security, delivering Security Operations Center (SOC)-as-a-Service and security services that bridge the gap to a modern security approach. We enable any size organization to leverage our expert security operations team and respond to endpoint, network, and cloud security threats 24×7. ActiveEye, our proprietary platform, uses Security Orchestration Automation and Response (SOAR) to cut through the noise and address the most critical threats faster. The ActiveEye Portal is the cornerstone of our customer-centric approach, providing clients a transparent view into SOC activities and Key Performance Indicators (KPIs) that demonstrate the value of our co-managed security approach.
- DeSales University Cyber Security Program
Booth: 110
DeSales University offers an exciting digital forensics certificate program, composed of four courses, that teaches students how to recover evidence from various types of electronic devices. Students receive hands-on experience with popular forensic tools and are prepared to address the legal and investigative issues involved with seizing and handling digital evidence. Graduates of the certificate program can add more courses toward a master’s degree in criminal justice or information systems. All courses are online, allowing students with busy schedules greater flexibility.
- Digital Guardian
Booth: 200
Digital Guardian provides the industry’s only threat aware data protection platform that is purpose built to stop data theft from insiders and outside adversaries. The Digital Guardian platform performs across the corporate network, traditional endpoints, mobile devices and cloud applications and is buttressed by a big data security analytics cloud service, to make it easier to see and block all threats to sensitive information.
- EC-Council
Booth:
International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
- Electronic Crimes Task Force
Booth:
The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.
- enSilo
Booth: 300
enSilo protects businesses around the world from data breaches and disruption caused by cyber attacks. The enSilo Endpoint Security Platform comprehensively secures endpoints in real-time pre- and post-infection without alert fatigue, excessive dwell time or breach anxiety while also containing incident response costs by orchestrating automated detection, prevention and incident response actions against advanced malware. enSilo’s patented approach stops advanced malware with a high degree of precision, provides full system visibility and an intuitive user interface and combines next-generation antivirus (NGAV), application communication control, automated endpoint detection and response (EDR) with real-time blocking, threat hunting, incident response, and virtual patching capabilities in a single agent. The platform can be deployed either in the cloud or on-premises and supports multi-tenancy.
- ExtraHop
Booth: 114
ExtraHop is a force multiplier for IT teams struggling with increasing complexity. With the ExtraHop platform, organizations can regain control over the security and performance of their applications and infrastructure, and capitalize on their data analytics opportunity to improve business operations and results. Learn more at www.extrahop.com
- Global Cyber Alliance
Booth: TBD
The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org
- GuidePoint Security LLC
Booth: 200
GuidePoint Security LLC provides innovative and valuable cyber security solutions and expertise that enable organizations to successfully achieve their mission. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, and classification can be found with the System for Award Management (SAM). Learn more at: http://www.guidepointsecurity.com
- Gigamon
Booth: 200
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures. The result: modern enterprises realize the full transformational promise of the cloud. Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, nine of the 10 largest mobile network providers, and hundreds of governments and educational organizations worldwide. To learn more, please visit gigamon.com.
- HTCIA Delaware Valley Chapter
Booth:
The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.
By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.
- Philadelphia InfraGard Members Alliance
Booth:
InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.
- iovation
Booth: 208
iovation protects online businesses and their end users against fraud and abuse, and identifies trustworthy customers through a combination of advanced device identification, shared device reputation, device-based authentication and real-time risk evaluation. More than 3,500 fraud managers representing global retail, financial services, insurance, social network, gaming and other companies leverage iovation’s database of billions of Internet devices and the relationships between them to determine the level of risk associated with online transactions. The company’s device reputation database is the world’s largest, used to protect 15 million transactions and stop an average of 300,000 fraudulent activities every day. The world’s foremost fraud experts share intelligence, cybercrime tips and online fraud prevention techniques in iovation’s Fraud Force Community, an exclusive virtual crime-fighting network.
- ISACA Philadelphia
Booth:
The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.
- ISC2
Booth: TBD
ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, ISC2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation, The Center for Cyber Safety and Education™.
- ISSA Delaware Valley
Booth:
Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”
- Ixia, a Keysight Business
Booth: 102
We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.
- Netskope
Booth: 200
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
- Okta
Booth: 200
Okta is the World’s Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We’re building a world where Identity belongs to you. Learn more at okta.com.
- OWASP
Booth:
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
- PACT
Booth:
Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.
- Palo Alto Networks
Booth: 112
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.
- Radware
Booth: 314
Radware® (NASDAQ: RDWR) is a global leader of cybersecurity and application delivery solutions for physical, cloud and software-defined data centers (SDDC). Our award-winning solutions portfolio secures the digital experience by providing infrastructure, application and corporate IT protection, and availability services to enterprises globally. Our solutions are deployed by, among others, enterprise customers, carriers, and cloud service providers.
- Rapid7
Booth: 218
Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.
- SailPoint
Booth: 108
SailPoint, the leader in enterprise identity governance, brings the Power of Identity to customers around the world. SailPoint’s open identity platform gives organizations the power to enter new markets, scale their workforces, embrace new technologies, innovate faster and compete on a global basis. As both an industry pioneer and market leader in identity governance, SailPoint delivers security, operational efficiency and compliance to enterprises with complex IT environments. SailPoint’s customers are among the world’s largest companies in a wide range of industries.
- Securonix
Booth: 322
Securonix is redefining threat detection and response for today’s hybrid cloud, data-driven enterprise. Securonix Next-Gen SIEM and XDR are powered by the most advanced analytics and built on a scalable, flexible cloud native architecture. Securonix leverages behavioral analytics technology that pioneered the UEBA category to reduce noise, prioritize high fidelity alerts, and enable fast and precise response to insider and cyber threats.
- SentinelOne
Booth: 312
SentinelOne delivers real-time cloud workload protection, to stop runtime threats targeting VMs, containers and Kubernetes clusters. From endpoints to workloads, to data center and public cloud, innovate quickly knowing SentinelOne has you protected. To learn more, visit www.sentinelone.com or follow us at @SentinelOne, or on LinkedIn and Facebook.
- Skybox Security
Booth: 200
Skybox arms security teams with a powerful set of security management solutions that extract insight from security data silos to give unprecedented visibility of the attack surface, including all Indicators of Exposure (IOEs). With Skybox, security leaders can quickly and accurately prioritize and address vulnerabilities and threat exposures.
- Splunk, Booth: 200
Splunk helps build a safer and more resilient digital world. Organizations trust Splunk to prevent security, infrastructure and application incidents from becoming major issues, absorb shocks from digital disruptions and accelerate digital transformation.
- Sumo Logic, Booth: 302
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, our purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world.
- Synopsys, Booth: 216
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
- Tanium, Booth: 112
Tanium defends every team, endpoint and workflow against the largest attack surface in history by delivering the industry’s first convergence of IT management and security operations with a single platform under a new category, Converged Endpoint Management (XEM).
The integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose—to protect critical information and infrastructure.
For more information, visit: https://www.tanium.com.
- TechTarget, Booth:
TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.
- ThinAir, Booth: 310
ThinAir simplifies information visibility and security, and enables insider threat and information leak investigation in 90 seconds. ThinAir has built the world’s first insider detection and investigation platform that answers sophisticated questions about information creation, consumption, and communication, empowering security and IT professionals to have instant data-element level visibility in real time and historically. To learn more visit thinair.com and connect with us on Twitter @thinairlabs and LinkedIn.
- Trend Micro, Booth: 306
Trend Micro, a global leader in cybersecurity, is passionate about making the world safe for exchanging digital information, today and in the future. Artfully applying our XGen™ security strategy, our innovative solutions for consumers, businesses, and governments deliver connected security for data centers, cloud workloads, networks, and endpoints. www.trendmicro.com.
- Varonis, Booth: 200
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
- WatchGuard, Booth: 214
WatchGuard offers industry-leading network security, secure Wi-Fi, and multi-factor authentication solutions to businesses around the world. In a world where the threat landscape is constantly evolving, and new threats emerge each day, WatchGuard provides robust security in a simple, easy-to-manage way.
- Wombat Security Technologies, Booth: 318
Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS cyber security education solution includes a platform of integrated broad assessments, and a library of simulated attacks and brief interactive training modules, to reduce employee susceptibility to attack, even phishing attacks, by over 80%.
- Xton Technologies, Booth: 322
XTAM is privileged account management software that includes a web-based password vault with password rotation, discovery, workflow-controlled access, high-trust login, session and keystroke recording with instant playback, full audit trail, elevated script automation, alerting and extensive analytics. XTAM integrates with AD/LDAP, SIEM, multi-factor authentication providers and ticketing systems. XTAM is an agentless, scalable solution for on-premises, hybrid and cloud deployments. Download a free trial now at www.xtontech.com.
- Pete Lindstrom, Instructor, Leader in Cybersecurity Strategy, Innovation, and Economics
Pete Lindstrom has extensive expertise in cybersecurity but is best known as an authority on strategic cybersecurity topics such as metrics, estimating risk, and measuring the benefit of security programs. He focuses on applying these core economic and risk management principles to new cybersecurity architectures and platforms. Pete has over 25 years of industry experience as an IT auditor (PwC), IT security practitioner (Wyeth), and industry analyst (IDC). Pete served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.
- Larry Wilson, CISSP, CISA, Instructor, Sr. Cybersecurity Consultant, Wilson Cyber
Larry Wilson was formerly the Chief Information Security Officer for Sumitomo Pharma Americas, Inc., Worcester Polytechnic Institute, and the University of Massachusetts (UMass) President's Office. In the CISO role, Larry was responsible for developing, implementing, and overseeing compliance with the SMPA / WPI / UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the respective cybersecurity programs, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, Designing and Building a Ransomware Program, and Designing and Building a Third-Party Risk Program. Larry has also worked with multiple companies in multiple industries to help design, build, and maintain their Cybersecurity Programs, Ransomware Program, and Third-Party Risk Programs.
- Gene Kingsley, Director, Information Security, Farm Credit Financial Partners; VP, InfraGard National Members Alliance
Gene has worked as a dedicated resource in the Information Security space for over 25 years, among industries such as Higher Ed, Healthcare, Finance, Federal Government agencies, and others. He has focused on Operations, Strategy, and Resiliency. In his spare time, he volunteers as a national leader among the InfraGard National Members Alliance, assisting in governance, audit, and program development.
- Roy Zur, Former Major in Israeli Intelligence Forces, CEO and President, Cybint Solutions/BARBRI
Roy Zur is a cyber intelligence expert, an attorney, and the founder and CEO of Cybint Solutions, a cyber education company. Roy has over a decade of experience in cyber and intelligence operations from the Israeli security forces (Retired Major), and has developed cyber education programs and technological solutions for companies, educational institutions, and government agencies around the world.
- John Kveragas, Owner, TJM Professional Services, LLC
John E. Kveragas, Jr., CPA, CISA, is a seasoned Internal Audit Executive with over 20 years’ experience in IT, operational, financial, and compliance auditing in multiple industries. John has extensive expertise with building effective internal audit functions, training and development, and managing regulatory exams with positive outcomes for financial institutions ranging from FinTech startups to Top 10 banks. He is the founder and owner of TJM Professional Services which is a cybersecurity consulting and training firm focused on small businesses. John is a frequent speaker for ISACA, The Institute of Internal Auditors, and SecureWorld on the topics of Internal Audit, Information Security, and Compliance.
- Conor Gilsenan, Editor in Chief, All Things Auth, Founder, Two Factor Buddy (2FB)
Conor Gilsenan is a software engineer who has spent the past eight years focusing on security. He has worn many hats, including: programmer, architect, specification author, and UX contributor. He believes that UX is a critical and historically discounted component of any security solution, and is passionate about putting users first. He is the Editor in Chief at All Things Auth and the Founder of Two Factor Buddy (2FB).
- Joan Antokol, Partner, Park Legal LLC
Joan has experience as an in-house global privacy officer for a Fortune 500 company, and also served as a Partner and chair of the data privacy practice for a large international law firm. Since 2010, she has operated her own law firm, Park Legal, LLC, with offices in New Jersey and Indianapolis. Since 2003, Joan has been invited to be a member of the International Working Group on Data Protection in Technology (IWGDPT), which is an international group of data protection regulators chaired by the Berlin Data Protection Commissioner. Joan has also presented multiple times at the International Data Protection Commissioners' Conferences and has written a number of articles on data protection and security topics.
- Michael Hoehl, Security Leader, Independent Consultant
Security Leader with experience in Health, Manufacturing, Financial Services, and Retail Industries.
- Devon Bryan, Global CISO, Carnival Corporation
Devon Bryan joined Carnival Corporation in October 2021 as the Global CISO with responsibilities for conceiving, implementing and leading technology solutions that assure compliance, protect personal data and corporate assets, increase organizational capability and advance productivity within Carnival Corporation and our world-leading cruise line brands.
Prior to Carnival Corporation, Devon has held CISO roles at the following organizations: MUFG Union Bank N.A., KPMG US & Americas Ltd, US Federal Reserve, ADP LLC.
His information security career began in the U.S. Air Force, where he served as a Captain and lead network security engineer working on systems and programs to protect the critical network and communications networks of the Air Force’s Air Combat Command.
Devon is Co-founder of Cyversity, now ICMCP (International Consortium of Minority Cybersecurity Professionals), a 501c3 non-profit which he launched in 2014 and geared toward improving the underrepresentation of women and minorities in the field of cybersecurity through academic scholarships, certifications, mentoring and networking opportunities.
Devon received a Bachelor of Science, Applied Mathematics from South Dakota Technological University and a Master of Science, Computer Science from Colorado Technological University, graduating Summa Cum Laude. He holds multiple cybersecurity certifications to include: CISSP, CIPP/US and CIPP/EU, serves on several non-profit boards, academic advisory boards and participates in select industry forums as a sought-after speaker and writer on emerging cyber security trends and issues.
- Louise O’Donnell, Sr. Information Technology Manager, TD Ameritrade
- Jonathan Lange, Executive Manager, baramundi software USA, Inc.
Jonathan Lange is sales manager for baramundi software USA, Inc. in the US market. Having advised customers in various countries from small businesses to global enterprises, he is well aware of the challenges IT departments face today in order to keep their infrastructure up-to-date, safe and efficient.
- Rebecca Rakoski, Co-Founder & Managing Partner, XPAN Law Partners
Rebecca L. Rakoski is the managing partner at XPAN Law Partners, LLC. Rebecca advises her clients on a proactive, multi-jurisdictional approach to identify and address data privacy and cybersecurity compliance gaps and potential liabilities. She uses her extensive experience to work with her clients to create and tailor a security and privacy governance program that fits their specific needs in order to limit their regulatory exposure.
Rebecca counsels and aggressively defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skillfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to minimize her client's litigation risks.
Rebecca regularly negotiates complex contractual provisions that are impacted by domestic and international data privacy regulations including the California Consumer Privacy Act of 2018, and the European Union's General Data Protection Regulation. She understands how the nature of the data can affect the role her client plays in the data transaction and uses that knowledge to mitigate corporate liability.
As a thought leader in the area of data privacy and cybersecurity, Rebecca serves on the New Jersey State Bar Association's Cyber Task Force. Rebecca is Vice-Chair Elect for the New Jersey State Bar Association's Bankruptcy Law Section. Rebecca has been appointed and served in multiple highly complex litigation matters by the New Jersey Superior Court as a Special Master in the areas of technology and eDiscovery. She also served on the Complex Business Litigation Committee that drafted and revised the New Jersey Court Rules involving electronic discovery. Rebecca was on the eDiscovery committee of her prior law firm and created its eDiscovery subgroup.
Rebecca is on the Board of Governors for Temple University Health Systems and is also the Acting Dean of Online Learning and an adjunct professor at Drexel University’s Thomas R. Kline School of Law.
- Robert McKosky, Asst. Professor, Drexel University
Dr. Robert McKosky served as the Director of Information Security at MBNA America and was the Technical Program Director for the Network Infrastructure Laboratory at GTE. He has organized and participated in various simulated attacks (Tiger Teams) to identify weaknesses in security systems. Mac has consulted to the CTIA, NSA, Secret Service, FBI, CIA, Scotland Yard, the Royal Canadian Mounted Police, and various state and local law enforcement organizations. Mac is a Certified Secure Software Lifecycle Professional (CSSLP) and a Certified Information System Security Professional (CISSP) and was one of the authors of the original certification exam.
- Chris Thielet, Account Executive, Wombat Security
Chris has over 15 years' experience in training program development. For over two years at Wombat he has worked with security professionals in over 22 countries to plan, develop, and implement successful cybersecurity education programs. These programs have focused on phishing simulations, training methodologies, and engaging end users to reduce risk.
- Demetrios 'Laz' Lazarikos, Former CISO of vArmour, Sears, and Silver Trail Systems, Founder and IT Security Strategist, Blue Lava Consulting
Demetrios Lazarikos (Laz), a recognized visionary for building Information Security, fraud, and big data analytics solutions, is the Founder and IT Security Strategist for Blue Lava Consulting.
Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs for financial services, retail, hospitality, and transportation verticals. Some of his past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), and a former PCI QSA.
Laz is an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management. He holds a Master’s in Computer Information Security from the University of Denver and an MBA from Pepperdine University, and has earned several security and compliance certifications.
- Blake Collins, Director of Clinical Engineering, Christiana Health Care System
Blake Collins has been in the Health Technology field for over 27 years and the health care industry for over 34 years. He retired from the United States Navy after 21 years in 2004. He received his basic and advanced BMET training in Aurora, Co. at the United States Army Medical Equipment and Optical School. After retirement, he became a Regional Director for a large health system in Knoxville, TN before joining TriMedx in 2006 as a Regional Director of Service operations. In 2012 he joined Christiana Care in Newark, Delaware, as the Director of Clinical Engineering.
Blake received his BSOE in Biomedical Technology from Wayland Baptist University, has an MBA, and is a certified BMET, Healthcare Technology Manager and Fellow at the Advisory Board Company.
- Akshay Finney, Associate, Meditology Services
Akshay Finney is an IT Risk Management Associate who specializes in Security risk assessments and Medical Device Security. As an Associate, he works closely with the Risk Management Team to assess and identify the client’s risks, and guide them in mitigating the identified risks. He also specializes in security and network operations to provide actionable intelligence to clients. He has developed and helped execute strategic security programs for various clients. He has experience with various regulatory frameworks such as HIPAA, HITRUST and SOC-2. He is a Master’s graduate in Cybersecurity and is a security researcher on cyber physical systems and Internet of Things.
- Cheryl Carmel, Moderator, Owner, Carmel Consulting LLC
Ms. Carmel is a member of (ISC)2 where she holds her CISSP, and IAPP where she holds her CIPT. She is a member of InfraGard and has been on the Advisory Council for SecureWorld for many years.
Ms. Carmel began her career in technology with experience in application development, infrastructure operations, technical support, and teaching. She pivoted to focus on security in 1999. Her most recent role was VP of Security, Privacy, and Compliance at OnSolve, where she was responsible for maturing the program to successfully implement security controls to meet the rigors of FedRAMP, while maintaining the controls for ISO 27001, HIPAA, and privacy laws. Before that, she was the BISO at FIS (SunGard Financial Systems).
- Happy Hour
- Alejandro Languren, Information Security Officer, DLL Group
Alejandro is a cybersecurity professional, experienced in Information Security, IT Infrastructure, and Software Development areas—with working experience in multinational organizations covering positions in the United States and Latin America. He currently works in a world-class financial organization, with continuous collaboration with diverse and multicultural teams worldwide. He holds a bachelor’s degree in Communications and Electronics and a master’s degree in Computer Sciences from Mexico’s National Polytechnic Institute, as well as CISSP, CISSM, CISA, CRISC, CEH and CSM certifications.
- Tom Plummer, Cybersecurity Fellow, Lockheed Martin
Cybersecurity Fellow to provide architecture guidance across products and programs. BS Computer Engineering. CISSP.
- Frank Downs, Director, Cyber Information Security Practices at ISACA and DoD Instructor
Downs, an 11-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, Frank proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, he decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. He is now Senior Manager, Cyber Information Security Practices at ISACA, sharing the good news about ISACA’s Cybersecurity Nexus (CSX) platform.
- Peter Iancic, VP, Threat & Vulnerability Management Officer, The Bancorp
Peter has over 10 years of experience in cybersecurity, working for financial industry companies such as JP Morgan Chase and The Bancorp. He holds multiple certifications, including CISSP, CEH, and CHFI.
- Jordan Fischer, Instructor, Founding Partner & Owner, Fischer Law, LLC
Jordan L. Fischer, founding partner and owner of Fischer Law, LLC, is a self-proclaimed privacy and technology legal nerd and entrepreneur. With her background in owning and operating businesses, and her experience working across the globe, Jordan brings extensive experience and practical knowledge to the global intersection of law and technology. Jordan understands the many demands on businesses, and works to create a balanced approach to privacy and data security compliance.
Jordan works with businesses to continually evaluate and assess legal and business opportunities and risks to provide public and private sector clients with practical data privacy and cybersecurity counsel and business strategic advice. Jordan’s goal is to understand your business, your approach, your risks, and then work with you to create effective, long-lasting solutions to your data privacy and technology legal challenges.
With more than ten years of experience in data privacy, cybersecurity, and technology law, Jordan advises clients on a variety of regulations, including but not limited to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), the Fair Credit Reporting Act (FCRA), and the Driver’s Privacy Protection Act (DPPA). Additionally, she provides counsel on biometric data laws, global data breach standards, and federal and state unfair business practices acts and privacy frameworks such as International Standards Organization (ISO) 27001 and 27701, the National Institute of Standards and Technology (NIST), and the Payment Credit Card Industry Data Security Standard (PCI DSS).
Jordan regularly represents clients in contractual negotiations pertaining to technology, data management, security, and privacy, and she assists in the development of customized, right-sized compliance programs to address numerous regulatory requirements and industry best practices. She also advises clients on cross-border data management and information governance, developing business-oriented and cost-effective strategies for information security, data privacy, and technology compliance.
Jordan’s experience provides her the opportunity to represent clients in a wide range of industries, gaining valuable insight into sectors including agriculture, adtech, emerging technologies (blockchain, Internet of Things (IoT), and Artificial Intelligence (AI)), gaming, healthcare, manufacturing, and pharmaceutical. She advises clients on third-party management, addressing the privacy and security of their supply chain. She also collaborates with clients to develop business solutions that incorporate privacy-by-design and security-by-design principles, fusing regulatory requirements with practical, real-world solutions.
In addition to her private practice, Jordan is a Cybersecurity Lecturer at the University of California, Berkeley. Her academic research investigates the convergence of law and technology, as well as the practical implications of regional data protection regulations in the context of the global economy.
Jordan is a globally recognized speaker on a wide range of technology and privacy law topics. In addition, she hosts the podcast Cybersecurity and Data Privacy: The New Frontier for the American Bar Association, which concentrates on data security, privacy, and related legal topics. On the podcast, Jordan discusses a variety of topics focused on law, technology, privacy, and cybersecurity from the perspective of various industries.
Jordan is a Certified Information Privacy Professional for Europe (CIPP/E) and a Certified Information Privacy Professional for the United States (CIPP/US), as well as a Certified Information Privacy Manager (CIPM), as certified by the International Association of Privacy Professionals. She is a certified trainer for the International Association of Privacy Professionals.
HONORS & RECOGNITIONS
Lawyer on the Fast Track, The Legal Intelligencer (2023)
Pennsylvania Super Lawyers® Rising Star honoree (2019-2022)
Main Line Today – Top Lawyers – Cybersecurity (2021, 2022)
ABA ‘On the Rise – Top 40 Young Lawyers’, 2022 Honoree
SC Media – 2022 Women In IT Security, Honoree in the Advocate Category
Exeleon Magazine – 30 Most Transformational Leaders to Follow in 2022
Host, American Bar Association’s ‘Cybersecurity and Data Privacy: The New Frontier’ Podcast
European Union ERASMUS Grant Recipient, 2020
ASSOCIATIONS & MEMBERSHIPS
American Bar Association, Business Law Fellow, 2020-2022
American Bar Association, Vice Chair of the Big Data Committee, 2022-2023
Pennsylvania Bar Association, Chair of the Cybersecurity and Data Privacy Committee
California Bar Association
New Jersey Bar Association
Forbes Business Council Member, 2022
International Association of Privacy Professionals (IAPP), Member
University of California, Berkeley, Cybersecurity Lecturer
former Thomas R. Kline School of Law, Drexel University, Law Professor
former Chestnut Hill College, Adjunct Professor
West Chester Friends School, Board Member
Appointed Fulbright Specialist in Cybersecurity and Data Privacy
CERTIFICATIONS
Certified Information Privacy Professional (CIPP) for United States law (US) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (CIPP) for European law (E) through the International Association of Privacy Professionals (IAPP)
Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals (IAPP)
- Ron Winward
Security Evangelist, North America, Radware
As a Security Evangelist at Radware, Mr. Winward is responsible for developing, managing, and increasing the company’s security business in North America.
Ron’s entire career has been deeply rooted in internet and cybersecurity. For over 20 years, Ron has helped design complex solutions for carriers, enterprises, and cybersecurity providers around the world.
Ron is an industry-recognized expert in the Mirai IoT botnet and its modern variants. Ron conducted the industry’s first complete analysis of the Mirai attack vectors, producing forensic examples for public distribution of each attack and the specific impact each attack had on networks. His work on IoT attack analysis has been presented at conferences worldwide and has been referenced by NIST.
Prior to joining Radware, Ron was Director of Network Engineering for a global datacenter provider and ISP. In this role, Ron oversaw the growth and development of a global network infrastructure that delivered services to other ISPs, hosting providers, and enterprises around the world. During this time, Ron assisted some of the world’s top businesses in mitigating cyberattacks on their infrastructure, cultivating an extensive knowledge in DDoS attack methodologies.
Ron holds a Bachelor of Science degree in Business and has earned many technical certifications throughout his engineering-focused career. Ron acutely understands the impact of technology and security on business and is enthusiastic about their interrelation.
- William J. Malik, CISA
VP, Infrastructure Strategies, Trend Micro
William Malik helps clients structure their IT environments to minimize the loss, alteration, or inadvertent exposure of sensitive information. His information technology career spans over four decades. Prior to Trend Micro, he worked at Gartner for twelve years where he led the information security strategies service and the application integration and middleware strategies service. Before Gartner, William was CTO of Waveset, an identity management vendor. He also co-authored the Cobit version 3 standard. In addition, he spent 12 years at IBM, where he worked in MVS development, testing, and business planning. William is a Certified Information Systems Auditor (CISA).
- Daniel Reither
Manager, Information Security, Health Partners Plans
- Lieutenant Colonel Ernest Wong
Asst. Professor of Systems Engineering, U.S. Military Academy, Research Scientist, Army Cyber Institute
Ernest Wong is a Research Scientist at the Army Cyber Institute and a United States Military Academy Assistant Professor of Systems Engineering.
- Vana Khurana
Sr. Solutions Architect, Security Specialist, Cloud Security Alliance Delaware Valley
Vana Khurana is CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC, and TOGAF certified. Vana serves as Director of Training and a Board Member of Cloud Security Alliance Delaware Valley Chapter. She is also an Adjunct Faculty at Temple University, Philadelphia. Vana has authored the book "IT Process Management," available on Amazon.
- Tony Meholic
Director of Cybersecurity / CISO, The Bancorp Bank
Anthony is currently Director of Cybersecurity, Chief Security Officer at The Bancorp Inc. in Wilmington, Delaware. He has worked extensively with application development including creation of simulation software for emergency medical providers, work with local government agencies on EMS trending and metrics and customized user interfaces for medical diagnostic software. His experience in Information Security at The Bancorp, JPMorgan Chase, Citibank and Republic Bank in Philadelphia included detailed work on encryption key management, security reviews, risk assessments and security testing for financial institutions. He has been responsible for the creation and implementation of numerous information security programs such as: Mapping of the Cybersecurity program to the NIST Cybersecurity Framework and FFIEC Self-Assessment Tool, Vendor Management, project security reviews, customized encryption key management, establishment of an internal penetration testing program, comprehensive risk assessment, and vulnerability management. Anthony is a graduate of Michigan State University and has over 20 years of IT experience. He is a regular speaker at international information security conferences and is a frequent trainer for a variety of federal agencies. Anthony has authored numerous articles for Tech Target, Information Security Magazine and Hackin9 Magazine.
- Ken Pyle
Partner, Information Security, DFDR Consulting
Ken Pyle is a partner of DFDR Consulting specializing in Information Security, Computer Forensics, Enterprise Virtualization, and Network Engineering. Ken has an extensive background in Network Penetration and Remediation, Compliance, and exploit development. Ken has published exploit research and vulnerabilities for a large number of companies, including Dell, Cisco, Sonicwall, Sage Software, and DATTO. Ken’s academic work includes social engineering research, election interference, application of sociology and psychological factors to phishing campaigns, and technical work on next generation attacks.