Click here to view registration types and pricing (PDF)
Conference Agenda
Filter by registration level:
  • session level iconOpen Sessions
  • session level iconConference Pass
  • session level iconSecureWorld Plus
  • session level iconVIP / Exclusive
  • Wednesday, April 10, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    Advisory Council Breakfast – (VIP / INVITE ONLY)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    8:00 am - 9:15 am
    8:00 am
    SecureWorld PLUS Part 1 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    Earn 16 CPEs With This in-Depth 3-Part Course
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 1 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part I
    • session level icon
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    8:30 am
    Cybercrime and What Your Insurance Company Is Doing About It
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Being insured isn’t the same as being prepared. As cyber criminals continue to attack businesses at an alarming rate across every possible point of vulnerability, business insurers are taking dramatic steps to provide a more comprehensive and preventative solution to combat the growing cyber threats. Tech forensic companies, network security specialists and white hat hackers have come together with insurance providers to offer a new generation of threat intelligence services. While an unusual pairing, tech and insurance professionals are now collaborating to create state-of-the-art cyber security solutions.
    8:30 am
    Jumping the Canyon From Technical to Leadership and Landing Successfully
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Making the jump from a technical role to a leadership role, and lessons learned from the other side. Technology is easy, security in principle is not difficult – the challenge is working with other people, understanding the culture and determining who you are and want to be.

    8:30 am
    Evolution of Privacy Requirements: A Global Update
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Whether you noticed or not, Privacy is very much back on the agenda globally. From the European General Data Protection Regulation (GDPR), to Qatar’s new personal data privacy law, and everything in between, when doing business globally, privacy and a holistic approach to data governance is an increasingly important consideration as there is no privacy without security. During this session, we will take you through the evolution of privacy, the major changes around the world, and delve in to GDPR and how it may impact you, and provide some predictions of upcoming trends. Closer to home, we will discuss the current privacy landscape and why Privacy Shield “adequacy” remains the overwhelmingly relevant question, and the impact of what looks like a retraction of agreement by the UK.

    8:30 am
    GDPR Compliance 101
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    This presentation outlines the requirements of the EU General Data Protection Regulation and highlights key compliance challenges.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    IoT Defense: A Holistic Approach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Reviewing the current state of IoT devices, their cloud endpoints and the connection between them to understand the threat landscape and where our focus needs to be in the years ahead.

    11:15 am
    Vendor Risk Management – Understanding and Managing 3rd Party Cyber Risk
    • session level icon
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Now more than ever an effective Vendor Risk Management (VRM) Program should be a pillar of any Enterprise Risk Management strategy. The Cybersecurity risks that are inherent to your organization multiply exponentially whenever you introduce external vendors. In this session learn how to effectively audit, measure and continuously monitor your 3rd parties.

    11:15 am
    RESILIENCE: Not Just for Computers, for YOU
    • session level icon
    Resilience is a critical skill of a successful pro and you can build it for yourself.
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    For many, if not most of us, we either fear failure, or we are figuring out how to recover from it. Karen’s own personal crisis as the CISO of Microsoft is what drives her to share radical resilience strategies for pros so you can roll with the punches and find the best path for you health, wealth and relationships.

    11:15 am
    It is Cloudy Out There!
    • session level icon
    speaker photo
    Cloud Security Architect, The Vanguard Group
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm

    Has your organization already moved to public cloud, or considering? If so, you need to attend this talk to understand how it’s different than the on-prem security. You need to know what assets, users and data you have in the cloud. You also need to pay attention to what controls are missing in the cloud. This presentation will walk though some of the issues and tips of cloud security.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: Building a Better Mouse Trap (Emerging Threats)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    To be successful, as an industry, we must strive to get ahead of the bad guys. Easy enough to say but how? By taking a look at the capabilities of the threats we see today we should be able to make some educated guesses on what threats of tomorrow will look like. We know the bad guys don’t follow the rules, take the path of least resistance, and don’t care who they hurt in the process. We need to start thinking like them so that we can figure out what their next step is instead of guessing/hoping.

    1:15 pm
    Panel: Cloudy With a Chance of Breach
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    Everything old is new again. Migrating to the cloud certainly is not a new thing. It is for some smaller companies that are just now able to afford making the move to the cloud. Cloud boasts a secure, disaster proof option for companies to store their data offsite with access to that data from practically anywhere. So, who’s fault is it when the data is compromised? What if your information is stolen from the cloud because another user’s data was at fault? At the end of the day, isn’t the cloud just someone else’s computer? Join this panel discussion as they guide you through the pros and cons in migrating to the cloud.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    3:00 pm
    Implementing a Successful Privileged Access Management Program - Lessons Learned
    • session level icon
    speaker photo
    IT Program Manager, Aetna
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Exploitation of privileged access is the #1 root cause of most large scale breaches in the recent past. Organizations are at risk of exploitation as there are typically limited controls (tools, processes) to manage privileged access and little to no comprehensive view of these controls. A well-run Privileged Access management program can considerably mitigate the intentional/unintentional misuse of privileged access at all levels in the IT Stack (Host, Database, Network, Applications). This session will provide pointers on how to run a successful multi-year Privileged Access Management Program.

    3:00 pm
    Third-Party Vendor Risk Management, Lessons Learned, and Best Practices
    • session level icon
    speaker photo
    IT Risk Lead, Campbell Soup Company
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Modern business today relies on third parties to reduce overhead and cost. This can include the transfer of critical data which sometimes include “Crown Jewels.” How businesses evaluates these vendors should be built into the procurement process, but also take in to account how the vendor responds to these requests—and not just from you, but from every other company they are hosting, processing, and transferring data for.

    Learn how you can streamline the process and create value for both your company and your vendor(s).

    3:00 pm
    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    A Survey of U.S. Domestic Security and Privacy Laws: The Evolving Landscape. The US legal framework for cybersecurity and data privacy continues to evolve, trying to stay abreast of the ever evolving and changing technologies. In the past year, State and Federal regulatory changes have altered the legal and compliance oblgiations of many companies across a variety of industries. Additionally, the courts are starting to adopt opinions that are placed more liability on companies for the protection of sensitive personal data. This presentation will provide an overview of key regulatory and legal changes both at the State and Federal level and discuss how companies should prepare to meet these evolving obligations.

    3:00 pm
    Data Mapping
    • session level icon
    Understanding How Your Data Moves Within and Without Your Organization
    Registration Level:
    • session level iconOpen Sessions
    3:00 pm - 3:45 pm

    One essential component of health IT interoperability and improved care is the exchange of information. Data mapping plays a key role in not only moving data but also in understanding where and how the data moves.

    3:00 pm
    SecureWorld PLUS Part 2 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    3:00 pm
    SecureWorld PLUS Part 2 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS registrants ONLY
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    3:00 pm - 4:30 pm

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

  • Thursday, April 11, 2019
    7:00 am
    Registration Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    7:00 am - 3:00 pm
    Location / Room: Registration Desk
    8:00 am
    SecureWorld PLUS Part 3 - Designing and Building a Cybersecurity Program based on the NIST Cybersecurity Framework
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    CISO and Adjunct Faculty, University of Massachusetts
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    The University of Massachusetts has developed a 6 hour SecureWorld Plus training class that instructs attendees on the best practices for designing, building, and maintaining a Cybersecurity Program based on the NIST Cybersecurity Framework. Organizations who currently use the Framework or are planning to use the Framework for their cybersecurity program will benefit from this course.

    This innovative education and training program includes the following key elements:

    • An introduction to the key components of the NIST Cybersecurity Framework
    • How to use the Framework to support business strategy, technology strategy, and cyber-risk strategy
    • An approach for adopting the framework to build and sustain secure and resilient infrastructure, secure and resilient networks, secure and resilient applications
    • How to use the framework to protect critical information assets
    • A Controls Factory Model that organizations use to create an Engineering Program, a Technical Program and a and Business / Management Program
    • A methodology for developing a Cybersecurity Strategy, System Security Plan (SSP), Risk Assessment, Plan of Action and Milestones (POA&M) and Executive Report

    The class will help individuals and organizations acquire knowledge, skills and abilities to:

    • Develop a strategy to apply the NIST Cybersecurity Framework (NCSF) to their environment
    • Create a comprehensive System Security Plan (SSP) based on the NIST Cybersecurity Framework
    • Conduct a Risk Assessment to compare the current profile with the target profile and identify any gaps that need to be addressed
    • Develop a Plan of Action and Milestones (POA&M) to mitigate the highest priority gaps
    • Establish an Executive Report to measure and communicate current profile, target profile, POA&M and program plan / roles and responsibilities to remediate identified gaps
    • Identify required workforce skills and develop career pathways for improving skills and experience

    About the Instructor – Larry Wilson:

    • Larry Wilson is the former CISO for UMass President’s Office from 2009 to 2017
    • Prior to UMass, Larry developed and managed the Global Infrastructure Services (GIS) Security Program for State Street Corporation
    • Larry has been teaching cybersecurity courses based on the NIST Cybersecurity Framework at SecureWorld events for the past 5 years
    • Larry has conducted over 20 consulting engagements, helping organizations design and build cybersecurity programs based on the NIST Cybersecurity Framework

    The program and its author have won the following industry awards:

    • Security Magazine’s Most Influential People in Security, 2016
    • SANS People Who Made a Difference in Cybersecurity Award, 2013
    • Information Security Executive (ISE) North America Program Winner for Higher Education, 2013
    8:00 am
    SecureWorld PLUS Part 3 - How to Build and Maintain a Game-Changing Security Awareness Program That Measures Success
    • session level icon
    SecureWorld PLUS Registrants ONLY
    speaker photo
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am

    Every organization seeks a security-aware culture, but how can you build an effective information security awareness program that addresses compliance and motivates changes in employee behavior for the better? People are the greatest asset and the weakest link in securing intellectual property and protecting sensitive data within every enterprise; therefore, a well-organized security awareness program is essential.

    You will learn how an effective program that offers lasting solutions requires the right mix of skills, knowledge, executive support and resources. This hands-on workshop will teach you what you need to know to implement just such a program. Offering award-winning case studies, interactive discussions and group participation in exercises, this session will enable you to hit the ground running with a customized plan that meets your organization’s needs when you head back to the office.

    Part 1: Information Security Awareness Fundamentals and War Stories
    What important building blocks, resources and communication strategies are essential to successfully implement your program? How can you reduce the risk of a data breach or other unwanted outcomes using a comprehensive approach to information security awareness? What best practices and examples have succeeded that can be emulated?

    Part 2: Building and Maintaining Your Organization’s Information Security Awareness Plan
    After several checklists and overall program templates are presented in detail, the second part of this workshop will include peer interactions and discussions that can be used to tailor your specific plan to implement a customized security awareness program. Depending on the size and complexity of your organization, participants will either build their plan or create the outline of their information security awareness program – with details to be inserted later.

    Part 3: Reinventing Your Information Security Awareness Program
    So you already have an Information Security Awareness Program, but it’s not working. Is it time to start-over or tweak the plan? What strategies work to get executive buy-in? What are your missing? What are some common mistakes to avoid? How can you improve what you’re already doing?  Small group discussions, break-out Q/A as well as several successful toolkits are covered.

    8:00 am
    SecureWorld PLUS Part III
    • session level icon
    Registration Level:
    • session level iconSecureWorld Plus
    8:00 am - 9:30 am
    8:30 am
    Blockchain and Data Protection Laws: Can They Co-Exist?
    • session level icon
    speaker photo
    Managing Partner, XPAN Law Group, LLC
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am
    Blockchain and Data Protection Laws: Can they Co-Exist? With the increasing emphasis on data privacy, and the adoption of data protection regulations, Blockchain faces hurtles in complying with these regulatory obligations while allowing for the continued evolution of the technology. This presentation will discuss the ways in which Blockchain needs to take into account core privacy principles, and discuss the practical implications of various data protection regulations, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regulatory requirements.
    8:30 am
    Cloud and Outsourcing, Oh No
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Everyone does some sort of outsourcing or using the cloud. Do you have the necessary requirements and third party programs built and implemented? Many companies continue to “Oops, I forgot” or “Oops, I didn’t think about that.” What are basic items that need to be in place BEFORE you contract.

    8:30 am
    Blockchain + IoT = <3
    • session level icon
    Registration Level:
    • session level iconConference Pass
    8:30 am - 9:15 am

    Blockchain technology is very young and often times overhyped. In this talk we will cut through the hype and explore the use of blockchain technology to secure IoT devices. No previous understanding of blockchain technology is required to attend.

    9:00 am
    Exhibit Floor Open
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:00 am - 3:00 pm
    Location / Room: Exhibitor Floor

    This is the time to visit exhibitors participating in Dash For Prizes & CyberHunt for your chance to win prizes!

    9:30 am
    OPENING KEYNOTE:
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    9:30 am - 10:15 am
    Location / Room: Keynote Theater
    10:15 am
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    10:15 am - 11:15 am
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    11:00 am
    Advisory Council Roundtable (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    11:00 am - 12:00 pm
    11:15 am
    Business and the Beast
    • session level icon
    speaker photo
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    Technology has created not just new jobs requiring new skills – it has fundamentally changed the way we work on a daily basis. However, for every company pushing the boundaries of technology, there are many more holding on to the traditional views of what a business should be and how it should operate. Cybersecurity teams are not insulated from these changes, and our industry is subject to entrenched and outdated modes of operation as many others. This talk is about the beasts – the myriad of changes and advancements occurring across business that are challenging the fundamental ways businesses have been operating for generations.
    11:15 am
    EU GDPR: Enforcement Landscape, Key Security Risks, and Recommendations
    • session level icon
    speaker photo
    Partner, Park Legal LLC
    Registration Level:
    • session level iconConference Pass
    11:15 am - 12:00 pm
    The GDPR has been in effect since May 25, 2018. Hear from a presenter who sits on a team with the EU and other data protection regulators about the number of complaints and security breach reports that various EU member states have received since the GDPR took effect, as well as enforcement under that regulation. The presenter will also discuss key triggers for enforcement, particularly in relation to IT security, and will provide recommendations to help organizations successfully address the complex GDPR and member state requirements for IT security.
    11:15 am
    Trials and Tribulations of Identity Access Management
    • session level icon
    Lock it down! Making sure access is granted only to those who need it without losing your mind.
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Logical security is a key aspect of securing our environments, however it’s also known as the low hanging fruit of issues companies are facing in 2018. This discussion will focus on outlining the various components of a well secured IAM program and where to start and baby steps to lock down your enterprise. We’ll also discuss various industry tools to help automate these processes.

    11:15 am
    Rethinking Network Security With a Software-Defined Perimeter
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    11:15 am - 12:00 pm

    Traditional network security is failing us. This session introduces a new, open network security model, the Software-Defined Perimeter. This architecture, published by the Cloud Security Alliance, verifies and secures all user access to network resources, improving security and compliance for both on-premises and cloud environments.

    12:00 pm
    Advisory Council Lunch Roundtable – (VIP / Invite Only)
    • session level icon
    Registration Level:
    • session level iconVIP / Exclusive
    12:00 pm - 1:00 pm
    12:15 pm
    LUNCH KEYNOTE
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    12:15 pm - 1:00 pm
    Location / Room: Keynote Theater
    1:15 pm
    Panel: The Battle for the Endpoint Continues (Endpoint Security)
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    What are you doing to keep the network safe for your employees? You’ve got your fancy next-gen firewall and some A/V. Maybe even some biometrics or 2FA thrown in for safekeeping. We also keep hearing the IAM acronym thrown around. And what is Zero Trust? What are you missing? Oh, yeah… remote workers and IoT. Wouldn’t it be cool if you had someone to ask? Now you do. This panel will go through these questions and more. Join the group discussion as we address the challenges in endpoint and network security.

    1:15 pm
    Panel: Access Control – The End of the Password?
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    1:15 pm - 2:15 pm

    “Open Sesame!” Whether you recognize the term coming from Ali Baba or one of the forty thieves, this timeless password ranks up there with “password123” or “admin” on your home wireless router. Passwords were created to keep us safe or keep something safe for us. Back in the day you were able to look the person in the eye when they said the password. You knew (roughly) what you were getting, and you could perform a risk assessment (of sorts) on the speaker. Now, with some many ways at getting our information, the password is going the way of the dodo.  Is 2FA good enough? Zero Trust? Pass phrases? Perhaps your own voice is the password? I don’t know the answer, but I’d be willing to bet that some of the experts on this panel will be able to help you decide what to do with the password dilemma.

    2:15 pm
    Conference Break / Exhibitor Product Demonstration
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:15 pm - 3:00 pm
    Location / Room: Exhibitor Floor

    Reboot with coffee and infused water while visiting exhibitors on the exhibitor floor.

    2:30 pm
    Dash for Prizes & CyberHunt
    • session level icon
    Registration Level:
    • session level iconOpen Sessions
    2:30 pm - 2:45 pm
    Location / Room: Exhibitor Floor

    Be sure to have exhibitors scan your badge for a chance to win prizes. Past prizes have included Kindles, Bose headphones, gift cards, iPads, iPods and more! *Must be present to win

    3:00 pm
    Ransomware Response – Rejecting the Threat
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm

    Ransomware is among the hottest topics in the list of cybersecurity concerns for 2017. Chasing after ransomware components requires constant attention and often yields results that are inconclusive or too late. This session will focus on the protection from the harm threatened by a ransomware attack.

    3:00 pm
    A Shared Leadership Approach to IT/Security
    • session level icon
    It's time to deputize everyone as IT/Security agents!
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Location / Room: Wayne

    IT/Security is a company-wide responsibility, with company-wide exposure. Our IT/Security teams CAN’T do this alone. I provide tools, templates, visuals, on-boarding procedures, and new job descriptions—all easily implemented to provide a Shared Leadership Approach to IT/Security. We don’t have to pay outside vendors to secure our data when we can do it ourselves, internally! I will be providing a fast-moving, 30-slide presentation with handouts to take back to your company to begin the transformation right now.

    3:00 pm
    The Weaponization of AI
    • session level icon
    Registration Level:
    • session level iconConference Pass
    3:00 pm - 3:45 pm
    Although AI is being hailed as the new silver bullet for cyber defense, it is also the source of many fears as to its weaponization and use in the hands of cyber criminals and other malicious attackers. Risks include the creation and use of highly intelligent malware. Risks also include both the increasing autonomous nature of vehicles and others devices. This session will explore these risks and their potential impact on our society and world.
Exhibitors
  • ASIS
    Booth: TBD

    ASIS International is the world’s largest membership association for security professionals. With hundreds of chapters across the globe, ASIS is recognized as the premier source for learning, networking, standards, and research. ASIS ensures its members and the security community have access to the intelligence and resources necessary to protect their people, property, and information assets. www.asisonline.org

  • baramundi software USA, Inc.
    Booth: TBD

    baramundi software USA, Inc. provides companies and organizations with efficient, secure, and cross-platform management of workstation environments. Around the world, over 2,000 customers of all sizes and from every sector benefit from the independent German manufacturer’s many years of experience and outstanding products. These are compiled into an integrated, future-orientated unified endpoint management approach in the baramundi Management Suite: endpoint management, mobile device management, and endpoint security are provided via a shared interface, using a single database, and according to global standards.

  • Big Switch Networks
    Booth: TBD

    Big Switch Networks is the next-gen networking company. Big Monitoring Fabric is an NPB that enables pervasive visibility and security across all workloads: physical, VM , container or cloud. Big Mon Inline enables pervasive security in the DMZ while offering lower-cost and SDN-centric operational simplicity. Tech partnerships include: A10, Palo Alto Networks, Symantec, FireEye, ExtraHop, Riverbed.

  • Carbon Black
    Booth: TBD

    Carbon Black is Transforming Security Through Big Data and Analytics in the Cloud Growing trends in mobility and cloud have made the endpoint the new perimeter. New and emerging attacks are beating traditional defenses, and security teams are too reactive and held back by their technologies. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, we are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

     

  • Colbalt.io
    Booth: TBD

    At Cobalt, we use a combination of data, technology and talent to meet the security challenges of the modern web or mobile application, and ensure we provide the smartest, most efficient services possible. From Cobalt Central, our powerful vulnerability dashboard, to Cobalt Insights, which gives you an intelligent overview of your application security program, we are driven by great technology.

  • Comodo Cybersecurity
    Booth: TBD

    In a world where preventing all cyberattacks is impossible, Comodo Cybersecurity delivers an innovative cybersecurity platform that renders threats useless, across the LAN, web and cloud. The Comodo Cybersecurity platform enables customers to protect their systems and data against even military-grade threats, including zero-day attacks. Based in Clifton, New Jersey, Comodo Cybersecurity has a 20-year history of protecting the most sensitive data for both businesses and consumers globally.

     

  • CRANIUM
    Booth: TBD

    CRANIUM is specialized in privacy and security solutions and services. CRANIUM supports and familiarizes your organization with the compliance with General Data Protection Regulation (GDPR) and protection against cyber-attacks and other possible data breaches. By building bridges between IT, legal and business, CRANIUM provides profound end-to-end solutions on both tactical and operational levels and prepares your company for GDPR.

  • Darktrace
    Booth: TBD

    Darktrace is the world’s leading machine learning company for cyber security. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.

  • Delta Risk
    Booth: TBD

    Delta Risk was founded in 2007 from a vision of strategic and operational effectiveness to assist private sector and government organizations in understanding their current cyber security posture and building advanced cyber defense and risk management capabilities. We are a global provider of strategic, operational, and advisory solutions, including managed security services and security consulting services. Delta Risk is a Chertoff Group company.

  • EC-Council
    Booth:

    International Council of E-Commerce Consultants, also known as EC-Council, is the world’s largest cyber security technical certification body. We operate in 140 countries globally and we are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Testing (Practical) programs, among others. We are proud to have trained and certified over 140,000 information security professionals globally that have influenced the cyber security mindset of countless organizations worldwide.

  • Electronic Crimes Task Force
    Booth:

    The role of the U.S. Secret Service has gradually evolved since the agency’s 1865 inception, from its initial mandate — suppressing the counterfeiting of U.S. currency — to protecting the integrity of the nation’s financial payment systems. During this time, as methods of payment have evolved, so has the scope of the Secret Service’s mission. Computers and other chip devices are now the facilitators of criminal activity or the target of such, compelling the involvement of the Secret Service in combating cyber crime. The perpetrators involved in the exploitation of such technology range from traditional fraud artists to violent criminals – all of whom recognize new opportunities to expand and diversify their criminal portfolio.

  • Global Cyber Alliance
    Booth: TBD

    The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks. GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org

  • HTCIA Delaware Valley Chapter
    Booth:

    The High Technology Crime Investigation Association (HTCIA) is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge, about methods, processes, and techniques relating to investigation and security in advanced technologies among its membership.

    By becoming a member of the HTCIA you will affiliate yourself with a professional organization which will help you fully understand and address issues associated with investigations, apprehensions and methodologies associated with the newest breed of high tech criminals. With the explosion in use of computers and the Internet, there is an uprising in criminal activities that utilize these powerful tools. From computer viruses to data processing fraud, there are many growing threats that expose our society to a new kind of criminal activity.

  • InfoSec-Conferences.com
    Booth: TBD

    We’re the InfoSec Community’s #1 ‘Go To’ resource for Cybersecurity Conferences. Since 2012 we’ve provided Cybersecurity Professionals with accurate event listings that are manually checked and updated every day.

  • InfraGard Philadelphia
    Booth:

    InfraGard is a partnership between the FBI and the private sector. It is an association of people from businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Philadelphia InfraGard Members Alliance (IMA) provides a forum for the exchange of information between the government, the owners and operators of the national infrastructure, and others concerned with the protection of the national infrastructure. Philadelphia IMA supports eastern Pennsylvania and southern New Jersey. Membership is free and new members are welcome.

  • ISACA Philadelphia
    Booth:

    The Philadelphia Chapter of ISACA has a membership base of more than 1,600 individuals primarily located in the Philadelphia and the surrounding suburbs, extending into Delaware and Southern New Jersey. The membership of the Chapter includes professionals working in various industries and capacities. From students through experienced C-level executives, the Philadelphia Chapter provides, training, networking and social events to this diverse group who share the common goal of providing expertise in IT audit, security, risk, and governance topics to their colleagues. The Chapter conducts events on a monthly basis led by an active, vibrant and dedicated group of volunteers and is actively seeking business partners to help provide value and knowledge to its members.

  • (ISC)2
    Booth: TBD

    (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education ™ Follow us on Twitter or connect with us on Facebook.

  • ISSA Delaware Valley
    Booth:

    Our chapter serves the Delaware Valley and Mid-Atlantic region. This is comprised of Eastern Pennsylvania, Northern Maryland, Southern New Jersey, and Delaware.
    We are making history as we continue to grow the chapter with your membership, and bring exciting programs to you. If you have not already been involved in the membership meetings, we encourage you to do so. Hopefully, you will walk away with more ideas to take back to your organizations, or you may come away with a sense of – “Hey, we had that same problem”, or “Our company is not alone in dealing with these issues.”

  • Ixia, a Keysight Business
    Booth: TBD

    We provide testing, visibility, and security solutions to strengthen applications across physical and virtual networks. Organizations use our tools and capabilities to test, secure and visualize their networks so their applications run stronger.

  • OWASP
    Booth:

    The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

  • PACT
    Booth:

    Philadelphia Alliance for Capital and Technologies (PACT)’s vision is to be the go-to resource for fast growing companies, and a driver of entrepreneurship and innovation in the Philadelphia region. PACT provides its members with valuable content and connections to capital, coaching, and customers that will accelerate their growth and success, and to collaborate with other organizations to drive innovation and entrepreneurship in the region. Visit www.philadelphiapact.com for more information.

  • Rapid7
    Booth: TBD

    Rapid7 transforms data into insight, empowering IT and security professionals to progress and protect their organizations. How? Our solutions are powered by advanced analytics and an unmatched understanding of the attacker mindset. This makes it easy to collect data, transform it into prioritized and actionable insight, and get it to the people who can act on it—all in an instant.

  • SecureAuth
    Booth: TBD

    SecureAuth enables companies to determine identities with absolute confidence. Whether you’re seeking to continuously secure employee,
    customer or partner access, SecureAuth’s flexible and adaptive platform makes everything fast, frictionless and pain-free. Guaranteed.

  • Sonatype
    Booth: TBD

    We are laser focused on helping organizations continuously harness all of the good that open source has to offer, without any of the risk.  In order to do this, we have invested in knowing more about the quality of open source than anyone else in the world. This investment takes the form of machine learning, artificial intelligence, and human expertise, which in aggregate produces highly curated intelligence that is infused into every Nexus product.  Organizations equipped with Nexus products make better decisions, innovate faster at scale, and rest comfortably knowing that their applications always consist of the highest quality open source components.

  • TechTarget
    Booth:

    TechTarget (NASDAQ: TTGT) is the online intersection of serious technology buyers, targeted technical content and technology providers worldwide. Our media, powered by TechTarget’s Activity Intelligence platform, redefines how technology buyers are viewed and engaged based on their active projects, specific technical priorities and business needs. With more than 100 technology specific websites, we provide technology marketers innovative media that delivers unmatched reach via custom advertising, branding and lead generation solutions all built on our extensive network of online and social media. TechTarget is based in Boston and has locations in Atlanta, Beijing, Cincinnati, London, Paris, San Francisco, Singapore, and Sydney.

Return to Agenda
Keynote Speakers
Speakers
  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Vana Khurana
    Cloud Security Architect, The Vanguard Group

    Vana Khurana, Cloud Security Architect, The Vanguard Group, CISSP, AWS Certified Architect (A), CCSP, CCSK, GSEC. Director of Training and Board Member of Cloud Security Alliance Delaware Valley Chapter. Also, an Adjunct Faculty at Temple University, Philadelphia.

  • speaker photo
    Tariq Shaikh
    IT Program Manager, Aetna

    Tariq Shaikh leads the Privileged Access Management practice for Aetna as part of their Global Security team. Tariq has more than 20 years of technology experience and is a certified project manager and information systems security professional. Tariq is an SME in the Privileged Access Management space and has spoken extensively about it at industry conferences. He also leads a security academy for Aetna that aims to educate participants about cyber security and protect and advance the profession.

  • speaker photo
    Bernie McGuinness
    IT Risk Lead, Campbell Soup Company

    Bernie is a cybersSecurity professional with over 20 years’ experience, both hands on and regulatory compliance of multiple complex systems within the Department of Defense and the commercial space. He provides in-depth knowledge on Third-Party Risk Management, Information Security, Assurance, Audit, and IT Operations, within industry. Holder of a CISSP, CRISC, and CTPRP.

  • speaker photo
    Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Larry Wilson
    CISO and Adjunct Faculty, University of Massachusetts

    Larry Wilson is currently a senior consultant and former Chief Information Security Officer for the University of Massachusetts President's Office. In the CISO role, Larry was responsible for developing, implementing and overseeing compliance with the UMass Information Security Policy and Written Information Security Plan (WISP). In addition to designing and deploying the UMass cybersecurity program, Larry has developed and delivered cybersecurity training at multiple industry events, workshops, training venues, etc. Courses include Designing and Building a Cybersecurity Program, The NIST Cybersecurity Framework Foundations, The NIST Cybersecurity Framework Practitioners, Engineering, Technology and Business Labs and Workshops based on the NIST Cybersecurity Framework, etc. Larry has also worked with multiple companies in multiple industries to help design, build and maintain their Cybersecurity Programs and evaluate their current security posture.

  • speaker photo
    Dan Lohrmann
    Chief Strategist and CSO, Security Mentor, Named One of the World's Top 100 IT Security Influencers for 2019 by CISO Platform

    Dan Lohrmann is Chief Strategist and Chief Security Officer (CSO) at Security Mentor. In this role, Lohrmann leads efforts to define and develop key strategic initiatives for the company’s security awareness training offerings, including new programs that can improve security and compliance by elevating an organization’s workforce into security savvy employees. Representing Security Mentor, Lohrmann serves as thought leader serving as a keynote speaker on security and security awareness training, and giving government and industry presentations.

    Over the past decade, Lohrmann has advised the U.S. Department of Homeland Security, the White House, FBI, numerous federal agencies, law enforcement, state and local governments, non-profits, foreign governments, local businesses, universities, churches, and home users on issues ranging from personal Internet safety to defending government and business-owned technology and critical infrastructures from online attacks. Prior to joining Security Mentor, Lohrmann was Michigan's first CSO and Deputy Director for Cybersecurity and Infrastructure Protection and has been recognized as a global leader in cyber defense for government.

    Previously, Lohrmann represented the National Association of State Chief Information Officers on the U.S. Department of Homeland Security’s IT Government Coordinating Council where he assisted in the writing and editing of the National Infrastructure Protection Plans, sector specific plans, Cybersecurity Framework, and other federal cyber documents. Lohrmann is the author of two books: Virtual Integrity: Faithfully Navigating the Brave New Web, published in November 2008 by Brazos Press and BYOD for You: The Guide to Bring Your Own Device to Work, published in Kindle format in April 2013.

    He has been honored with numerous cybersecurity and technology leadership awards, including “CSO of the Year” by SC Magazine, “Public Official of the Year” by Governing magazine and “Premier 100 IT Leader” by Computerworld Magazine. Lohrmann received his bachelor’s degree in computer science from Valparaiso University in Indiana and his M.S. in Computer Science from Johns Hopkins University in Baltimore.

  • speaker photo
    Jordan Fischer
    Managing Partner, XPAN Law Group, LLC

    Jordan L. Fischer is co-founder and managing partner of XPAN Law Group, LLC, a Women-Owned boutique law firm. She focuses her practice on international data privacy and cybersecurity and cross-border data management, with a special emphasis in European Union data privacy regulations and the General Data Protection Regulation (GDPR). Jordan has extensive experience in the intersection of law and technology. She is also an Assistant Professor of Law at the Thomas R. Kline School of Law at Drexel University.

  • speaker photo
    Bryan Inagaki
    Director, Cybersecurity Risk Management, Thermo Fisher Scientific

    Bryan's path to information security was anything but direct, and he took a few detours in the worlds of small business, federal law enforcement and financial services before finding himself fully entrenched in the industry. As a physical security professional first and an information security professional second, Bryan enjoys the challenge of mixing the real with the intangible and taking lessons learned from time spent in critical threat areas to make his teams more effective and efficient.

  • speaker photo
    Joan Antokol
    Partner, Park Legal LLC

    Joan is a partner at Park Legal LLC, a law firm with offices in New Jersey and Indianapolis. Since 2002 and continuing, she has been one of the only outside counsel invited to be a member of a regulator team chaired by the Berlin Data Protection Commissioner, which includes members of the Supervisory Authorities from each EU member state, as well as a growing number of other countries around the world. Joan is a frequent speaker at data privacy conferences in the US and EU, and has published a number of articles. She counsels multinationals and other clients on a wide variety of data privacy and security topics, and handles many security breaches.

Conference App and Microsite!
Registration is easy and takes just a few minutes. Once you get started you can use your phone, tablet or internet browser to:

• Create a personalized agenda
• View maps of the venue and Exhibit Hall
• Use secure messaging to network with attendees
• View speaker slides after the conference
• Play CyberHunt, the app game, and compete for prizes
app store play store
Invest in yourself

Join your InfoSec peers for high-quality, affordable training and collaboration. Sign up today!